Introduction

SPF (Sender Policy Framework) as a standardised mechanism used for determining if an internet email message originated from a legitimate sender. It is one of several mechanisms by which an email message can be identified as spam vs a legitimate message.

SPF makes use of the internet DNS system to publish information identifying legitimate mail servers sending outbound email for a given domain. When an email is received, the mail server that sent the email is compared to the set of mail servers specified in the sender domain’s DNS record. If the sender mail server is not listed on the sending domain’s DNS SPF record then the email message is flagged as suspicious (spam).

This document describes how to configure SPF such that outbound mail sent from the NowInfinity platform on your behalf passes SPF checks.

How SPF Configuration Works

To configure SPF, you will need to contact your DNS provider (typically but not always your hosting provider). Your DNS provider will perform the actual modification of the SPF entry in your DNS record. To enable them to do this, you will need to provide them with the names and addresses of the outbound mail server(s) that your NowInfinity account is configured to use for outbound emails from the NowInfinity Platform. These server names and addresses will be different depending on whether your NowInfinity account is configured to use SMTP, Office365/Outlook.com or AWS Simple Email Server.

 The remainder of this document provides SPF configuration information for each of the following scenarios (choose the scenario that applies to your particular mail server): 

  • Outbound email from Amazon AWS Simple Email Server
  • Outbound email from Office 365 / com
  • Outbound email from SMTP mail servers other than AWS SES or Office 365

Instructions for AWS Simple Email Server

This section explains SPF configuration for clients using Amazon AWS Simple Email Server (SES) for outbound mail delivery from the NowInfinity platform.

To configure SPF when using AWS SES for outbound mail, you will need to add the following information to your DNS SPF entry: 

  1. The IP addresses of the outbound mail servers
  2. The AWS SES domain name This information is as follows:

mceclip0.png

 

Example SPF Configuration for users of AWS SES:

This example will use a fictitious company “Awesome Accountants”. Awesome Accountants have (fictional) email addresses such as “admin@awesomeaccountants.com.au” and “info@awesomeaccountants.com.au”. I.e. “awesomeaccountants.com.au” is Awesome Accountants’ root domain name.

Prior to onboarding with NowInfinity, the SPF entry in the DNS record for Awesome Accountants was as follows:

 v=spf1 mx ptr include:awesomeaccountants.com.au -all

To enable the NowInfinity platform to send emails on behalf of Awesome Accountants, they contact their DNS provider to request that their SPF entry be modified to become: 

v=spf1 mx ptr ip4:52.64.41.85 ip4:52.64.41.199 ip4:52.64.7.174 include:awesomeaccountants.com.au include:amazonses.com -all

(The yellow highlighting identifies the information that needs to be added to the SPF entry) 

Once this change has been made to the DNS SPF entry (and given time – up to 24 hours – for the change to propagate through the internet’s DNS network), outbound email sent from the NowInfinity platform on behalf of Awesome Accountants will pass SPF checks.

Additional Information About SPF Configuration on AWS SES

Additional information about SPF configuration on AWS SES can be found here: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/spf.html

Instructions for Office 365 Email Server

This section explains SPF configuration for clients using Office 365 for outbound mail delivery from the NowInfinity platform. 

To configure SPF when using Office 365 for outbound mail, you will need to add the following information to your DNS SPF entry: 

  1. The IP addresses of the outbound mail servers
  2. The Office 365 domain name

This information is as follows:

mceclip1.png

 

Example SPF Configuration for users of Office 365:

This example will use a fictitious company “Awesome Accountants”. Awesome Accountants have (fictional) email addresses such as “admin@awesomeaccountants.com.au” and “info@awesomeaccountants.com.au”. I.e. “awesomeaccountants.com.au” is Awesome Accountants’ root domain name.

Prior to onboarding with NowInfinity, the SPF entry in the DNS record for Awesome Accountants was as follows:

v=spf1 mx ptr include:awesomeaccountants.com.au -all

To enable the NowInfinity platform to send emails on behalf of Awesome Accountants, they contact their DNS provider to request that their SPF entry be modified to become:

v=spf1 mx ptr ip4:52.64.41.85 ip4:52.64.41.199 ip4:52.64.7.174

include:awesomeaccountants.com.au include:spf.protection.outlook.com -all

(The yellow highlighting identifies the information that needs to be added to the SPF entry) 

Once this change has been made to the DNS SPF entry (and given time – up to 24 hours – for the change to propagate through the internet’s DNS network), outbound email sent from the NowInfinity platform on behalf of Awesome Accountants will pass SPF checks.

Additional Information About SPF Configuration on Office 365

Additional information about SPF configuration on Office 365 can be found here:

https://docs.microsoft.com/en-us/office365/securitycompliance/set-up-spf-in-office-365-to-help-prevent-spoofing

Instructions for SMTP Email Server

This section explains SPF configuration for clients using SMTP severs other than AWS SES or Office 365 for outbound mail delivery from the NowInfinity platform. 

To configure SPF when using SMTP for outbound mail, you will need to add the following information to your DNS SPF entry: 

  1. The IP addresses of the outbound mail servers
  2. The SMTP server name

This information is as follows:

mceclip2.png 

Example SPF Configuration for users of SMTP:

This example will use a fictitious company “Awesome Accountants”. Awesome Accountants have (fictional) email addresses such as “admin@awesomeaccountants.com.au” and “info@awesomeaccountants.com.au”. I.e. “awesomeaccountants.com.au” is Awesome Accountants’ root domain name. 

Prior to onboarding with NowInfinity, the SPF entry in the DNS record for Awesome Accountants was as follows:

v=spf1 mx ptr include:awesomeaccountants.com.au -all

Awesome Accountants are using a third party hosted mail server. The server name is “awesomeacc.supermail.com”. 

To enable the NowInfinity platform to send emails on behalf of Awesome Accountants, they contact their DNS provider to request that their SPF entry be modified to become:

v=spf1 mx ptr ip4:52.64.41.85 ip4:52.64.41.199 ip4:52.64.7.174

include:awesomeaccountants.com.au include:awesomeacc.supermail.com -all

(The yellow highlighting identifies the information that needs to be added to the SPF entry) 

Once this change has been made to the DNS SPF entry (and given time – up to 24 hours – for the change to propagate through the internet’s DNS network), outbound email sent from the NowInfinity platform on behalf of Awesome Accountants will pass SPF checks.

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.