Owens63

SPF Record Policy

I am trying to write an SPF policy to be used to govern the creation and management of these records. Basically we have no standard for SPF and this has led to spoofing and spam. Additionally, marketing partners are using the domain to send email, instead of "marketing.domain.com". The fear is that this could lead to getting us blacklisted. So I need to say, here is our standard (the SPF record has to be configured to...) and marketing partners cannot use "domain.com" to send e-mail; instead they must use something like "marketing.domain.com".

Any thoughts?
Will Szymkowski

I would recommend checking out www.openspf.org for best practices when it comes to creating and managing SPF records.

SPF Best Practices
http://www.openspf.org/Best_Practices

Microsoft also has a nice GUI which will walk you through the SPF Record Creation
https://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

Will.
You must type in your domain record zone

IN SPF "v=spf1 mx -all"

or, in case your DNS server does not recognize the SPF directive, you can use TXT

IN TXT "v=spf1 mx -all"
Owens63

ASKER

My bad, I was looking more for the verbiage from a policy/governance perspective. Here is what I have so far:

"SPF Record:
<<COMPANY NAME>> will be compliant with the Sender Policy Framework (SPF) and will configure it to tell the receiving mail systems to reject any mail coming from any source not covered in the SPF record. This will include all domains owned or managed by <<COMPANY NAME>>. <<COMPANY NAME>> domains that are not configured for email will have an SPF record that tells the receiving mail system that the domain does not provide mail services and will be rejected.
IMPORTANT NOTE: Third parties that send mail on behalf of <<COMPANY NAME>>, such as marketing groups, will be required to use sub domains, such as mailist.companyname.com"

How does that sound?
ASKER CERTIFIED SOLUTION
matrix8086
This solution is only available to members.
I would start off the text with explaining what SPF entails (see bolded addition), i.e. the management summary lol.

Today, nearly all abusive e-mail messages carry fake sender addresses. The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery.

<<COMPANY NAME>> will be compliant with the Sender Policy Framework (SPF) and will configure it to tell the receiving mail systems to reject any mail coming from any source not covered in the SPF record. This will include all domains owned or managed by <<COMPANY NAME>>. <<COMPANY NAME>> domains that are not configured for email will have an SPF record that tells the receiving mail system that the domain does not provide mail services and will be rejected.

IMPORTANT NOTE: Third parties that send mail on behalf of <<COMPANY NAME>>, such as marketing groups, will be required to use sub domains, such as mailist.companyname.com
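
The three rules in the draft policy above (fail unlisted sources, a null record on non-mail domains, third parties only on sub domains) can be checked mechanically. The Python below is an added example, not code from any poster in this thread; the domain names, the vendor include target and the TXT strings are constructed, and it inspects record text only (no DNS lookups, and a record that relies on `redirect=` is reported as lacking `-all`).

```python
APEX = "companyname.com"             # placeholder apex domain (assumption)
VENDORS = {"spf.vendor.example"}     # constructed third-party include target

def parse_spf(txt):
    """Return lower-cased terms after 'v=spf1', or None for non-SPF TXT data."""
    parts = txt.strip().lower().split()
    return parts[1:] if parts and parts[0] == "v=spf1" else None

def audit(domain, txt_records, sends_mail):
    """Return policy findings for one domain; an empty list means compliant."""
    spf = [t for t in map(parse_spf, txt_records) if t is not None]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        # RFC 7208: several v=spf1 records on one name give a permerror
        return ["more than one SPF record (RFC 7208 permerror)"]
    terms, findings = spf[0], []
    # Rule 1: unlisted sources must hard-fail, so the only "all" is "-all"
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if alls != ["-all"]:
        found = " ".join(alls) or "no all mechanism"
        findings.append(f"record must end in -all, found: {found}")
    # Rule 2: a domain that sends no mail authorises nothing at all
    if not sends_mail and terms != ["-all"]:
        findings.append("non-mail domain must publish exactly 'v=spf1 -all'")
    # Rule 3: third-party senders belong on a sub domain, not the apex
    vendors = [t for t in terms if t.startswith("include:") and t[8:] in VENDORS]
    if domain == APEX and vendors:
        findings.append("third-party sender on the apex; move it to a sub domain")
    return findings

# Constructed sample: domain -> (TXT strings at that name, sends mail?)
SAMPLE = {
    "companyname.com": (["v=spf1 mx include:spf.vendor.example ~all"], True),
    "mailist.companyname.com": (["v=spf1 include:spf.vendor.example -all"], True),
    "parked-brand.example": (["v=spf1 mx -all"], False),
    "old-brand.example": (["some-verification=constructed"], False),
}

def run(sample):
    """Audit every domain in the sample and return {domain: findings}."""
    return {d: audit(d, recs, mail) for d, (recs, mail) in sample.items()}

if __name__ == "__main__":
    for name, result in run(SAMPLE).items():
        print(name, "OK" if not result else result)
```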