Owens63
asked on
SPF Record Policy
I am trying to write an SPF policy to be used to govern the creation and management of these records. Basically we have no standard for SPF and this has lead to spoofing and spam. Additionally marketing partners are using the domain to send email, instead of "marketing.domain.com. Fear is that this could lead to getting us black listed. So I need to say, here is our standard (the SPF record has be configured to...) and marketing partners cannot use the "domain.com" to send e-mail, instead they must use something like "marketing.domain.com.
Any thoughts?
Any thoughts?
You must type in your domain record zone
IN SPF "v=spf1 mx -all"
or, in case that your DNS server does not recognize SPF directive, you can use TXT
IN TXT "v=spf1 mx -all"
IN SPF "v=spf1 mx -all"
or, in case that your DNS server does not recognize SPF directive, you can use TXT
IN TXT "v=spf1 mx -all"
ASKER
My bad, I was looking more for the verbiage for a policy/governance prospective. Here is what I have so far:
"SPF Record:
<<COMPANY NAME>> will be compliant with the Sender Policy Framework (SPF) and will configure it to tell the receiving mail systems to reject any mail coming from any source not covered in the SPF record. This will include all domains owned or managed by <<COMPANY NAME>>. <<COMPANY NAME>> domain that are not configured for email will have an SPF record that tells the receiving mail system that the domain does not provide mail services and will be rejected.
IMPORTANT NOTE: Third parties that sent mail on behalf of <<COMPANY NAME>>, such as marketing groups, will be required use sub domains, such as mailist.companyname.com "
How does that sound?
"SPF Record:
<<COMPANY NAME>> will be compliant with the Sender Policy Framework (SPF) and will configure it to tell the receiving mail systems to reject any mail coming from any source not covered in the SPF record. This will include all domains owned or managed by <<COMPANY NAME>>. <<COMPANY NAME>> domain that are not configured for email will have an SPF record that tells the receiving mail system that the domain does not provide mail services and will be rejected.
IMPORTANT NOTE: Third parties that sent mail on behalf of <<COMPANY NAME>>, such as marketing groups, will be required use sub domains, such as mailist.companyname.com "
How does that sound?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I would start off the text with explaining what SPF entails (see bolded addition), i.e. the management summary lol.
Today, nearly all abusive e-mail messages carry fake sender addresses. The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery.
<<COMPANY NAME>> will be compliant with the Sender Policy Framework (SPF) and will configure it to tell the receiving mail systems to reject any mail coming from any source not covered in the SPF record. This will include all domains owned or managed by <<COMPANY NAME>>. <<COMPANY NAME>> domain that are not configured for email will have an SPF record that tells the receiving mail system that the domain does not provide mail services and will be rejected.
IMPORTANT NOTE: Third parties that sent mail on behalf of <<COMPANY NAME>>, such as marketing groups, will be required to use sub domains, such as mailist.companyname.com
SPF Best Practices
http://www.openspf.org/Best_Practices
Microsoft also has a nice GUI which will walk you through the SPF Record Creation
https://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
Will.