SPF – Sender Policy Framework

27 May

SPF, no, not for protecting yourself again the sun’s harmful rays, although that is of course a very good idea as Baz Luhrmann once said…

Anyway, SPF, in the IT world is for Sender Policy Framework and is a pretty simple and clever idea.

The idea being that it prevents email spoofing by having a specific DNS record which allows mail servers to check that the sender is authorised.

I recently looked into moving over to Office365 from exchange, in the short term I am looking at going Hybrid and part of the Office365 setup was adding some additional DNS:

@   TXT/SPF   v=spf1 include:spf.protection.outlook.com –all

I wasn’t paying full attention during this and soon after adding it a few users were getting bounce backs from addressed they had used before along the lines of:

Delivery has failed to these recipients or groups:
[email protected]
Your message wasn’t delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.
The following organization rejected your message: mail.company.co.uk.

spf_fail

After a bit of searching I came across some information that pointed me towards SPF, the page itself was very helpful and listed all the detail I required.

I then modified the DNS to include my current authorised senders along with Office365 and everything is working well again.

This site is also pretty handy if you want to check for SPF entries.

References: