-
Notifications
You must be signed in to change notification settings - Fork 24
dns spf
From Wikipedia https://en.wikipedia.org/wiki/Sender_Policy_Framework
Sender Policy Framework (SPF) is an email authentication method designed to detect forging sender addresses during the delivery of the email
Similar to DKIM, setting up SPF is highly recommended.
Create a TXT record for mydomain.com. with the value:
v=spf1 mx -all
What it means is only your server can send email with @mydomain.com domain.
To verify, the following command
dig @1.1.1.1 mydomain.com txtshould return the above value.
Some email providers like Gmail and Proton Mail do not use strict SPF records (they use a soft policy ~all instead of -all) to support traditional email forwarding and group mailing lists. While this reduces junk email, it introduces a security vulnerability: a malicious actor could potentially impersonate your alias through the reverse-alias feature by exploiting the soft SPF policy.
If you want to strengthen your email security by enforcing strict SPF validation even when your mailbox provider uses a soft policy, SimpleLogin provides a configuration option to enable this protection. This is particularly valuable if you are concerned about alias impersonation attacks.
For detailed configuration steps, refer to the SimpleLogin enforce-spf documentation.