Background
Want to jump the techie queue and set up SPF without reading reams and reams of documentation?
SPF is a typical email security protocol that was designed by someone who wasn’t a student of “user friendliness”. What compounds the issue is other Internet articles just tells that you that you can do this and do that, but not what is recommended.
Our good friend Keith who is a hosting genius provided us this short and sweet SPF record that just works. So next time you want to avoid the mumbo jumbo and just get on with it, pop in this puppy and get some really good protection right out of the box:
What this one does:
- Allow legitimate senders where the A record of the domain matches
- If you can ping yourdomain.com and email originates from there, it’s good to go
- Allow legitimate senders where the MX record of the domain matches
- Basically the destination email server will check the MX and if this email originates from that IP it will be fine
- Hard Fail, meaning only allow senders from these settings
Please note with hard fail:
“Yes, the consensus is to avoid hard fails on SPF records since it breaks email forwarding unless the forwarding server uses SRS. The “~all” entry is generally preferred since it gets messages from non-standard senders bumped up in spam detection systems, but doesn’t outright fail them.” – Reference
Go forth and conquer!
See Also
https://kb.vander.host/email/how-do-i-set-up-spf-and-dkim-on-linux/