SPF (Sender Policy Framework) is a method
used to prevent sender address forgery, i.e. using fake sender
addresses. SPF allows a domain’s administrator to set a policy that
authorizes particular hosts to send mail from the domain. A receiving
mail server checks that the incoming mail from a domain comes from a
host authorized by that domain’s administrator. SPF is based on the
rules specified by the administrator in the sender’s DNS zone.
In Plesk, you can set up an SPF policy for outgoing mail by specifying
rules in a DNS record. In Plesk for Linux, SPF also checks
incoming mail by default.
When SPF is set up, the mail server checks incoming mail using the following algorithm steps:
-
Read local rules.
Local rules are the rules used by the spam filter.
An example local rule can be the following:a:test.plesk.com
. -
Search for the sender’s DNS SPF record (if any).
An example SPF record can be the following:
example.com. TXT v=spf1 +a +mx -all
-
Concatenate the local rules and the SPF record into the resulting policy.
In our example, the resulting policy will be
example.com. TXT v=spf1 +a +mx +a:test.plesk.com -all
.Note: If the mail server detects no SPF record, the resulting policy will comprise the local rules only.
-
Check mail against the policy resulting from the previous step.
-
Read guess rules.
Guess rules are the global rules that override the SPF record.
An example guess rule can be the following:v=spf1 +a/24 +mx/24 +ptr ?all
. -
Check mail against the guess rules only.
-
Compare the results of the two checks: the one made against the resulting policy (step 4)
and the one made against the guess rules only (the previous step).
Apply the check whose result is more permissive.
<a class="reference external" href="https://tools.ietf.org/html/rfc7208#…