--> SPF stands for Sender Policy Framework
--> SPF record basically used to prevent spoofing/spamming of emails.
--> SPF is configured by the owner of the sending domain as a TXT record in Public DNS Server.
--> SPF Record basically needs to include all the IP addresses that the sending domain uses to send an email.
--> For example, If we are sending email from cisco.com and are using the below IPs and the MX records for the cisco.com domain to send an email:
172.15.2.2
172.15.2.3
172.15.2.0/24
--> SPF Record can be configured in three steps:
Step1: Specify the SPF Record Version ( Currently there is only one version: version1)
v=spf1
Step2: Specify the Allowed IP addresses that are required to send an email for the domain:
v=spf1 ipv4:172.15.2.2 ipv4:172.15.2.3 ipv4:172.15.2.0/24
If the Sender domain already has MX records and you only want to allow MX IP addresses to send the email then configure SPF Record as
v=spf1 mx
Step3: Configure the Action
What action receiving domain need to do if the email is sent from the IP addresses that are not authorized to send an email:
v=spf1 ipv4:172.15.2.2 ipv4:172.15.2.3 ipv4:172.15.2.0/24 -all ( Do not allow email from any sender IP address other than listed in SPF record)
v=spf1 ipv4:172.15.2.2 ipv4:172.15.2.3 ipv4:172.15.2.0/24 ~all ( Sender IP address other than listed in SPF record treat as SPAM)
v=spf1 + all ( Allow email from all the IP addresses)
v=spf1 ?all ( SPF Record neither recommend the email is blocked or allowed)
Use Case:
--> SPF Check is basically implemented on the Email Gateway.
--> Once Enabled, The Email gateway verifies the SPF record of the recipient domain to allow/reject the email based on the SPF record.
MD.Kareemoddin,
CCIE #54759
--> SPF record basically used to prevent spoofing/spamming of emails.
--> SPF is configured by the owner of the sending domain as a TXT record in Public DNS Server.
--> SPF Record basically needs to include all the IP addresses that the sending domain uses to send an email.
--> For example, If we are sending email from cisco.com and are using the below IPs and the MX records for the cisco.com domain to send an email:
172.15.2.2
172.15.2.3
172.15.2.0/24
--> SPF Record can be configured in three steps:
Step1: Specify the SPF Record Version ( Currently there is only one version: version1)
v=spf1
Step2: Specify the Allowed IP addresses that are required to send an email for the domain:
v=spf1 ipv4:172.15.2.2 ipv4:172.15.2.3 ipv4:172.15.2.0/24
If the Sender domain already has MX records and you only want to allow MX IP addresses to send the email then configure SPF Record as
v=spf1 mx
Step3: Configure the Action
What action receiving domain need to do if the email is sent from the IP addresses that are not authorized to send an email:
v=spf1 ipv4:172.15.2.2 ipv4:172.15.2.3 ipv4:172.15.2.0/24 -all ( Do not allow email from any sender IP address other than listed in SPF record)
v=spf1 ipv4:172.15.2.2 ipv4:172.15.2.3 ipv4:172.15.2.0/24 ~all ( Sender IP address other than listed in SPF record treat as SPAM)
v=spf1 + all ( Allow email from all the IP addresses)
v=spf1 ?all ( SPF Record neither recommend the email is blocked or allowed)
Use Case:
--> SPF Check is basically implemented on the Email Gateway.
--> Once Enabled, The Email gateway verifies the SPF record of the recipient domain to allow/reject the email based on the SPF record.
MD.Kareemoddin,
CCIE #54759
0 comments:
Post a Comment