Skip to main content

SPF

With the help of an SPF entry, you can store the servers authorised to send emails for your domain(s) in the DNS system. The Sender Policy Framework (SPF) is intended to prevent the falsification of sender addresses for emails.

An SPF record is entered as a TXT entry for the domain that is to provide an SPF record. The SPF record can contain IP addresses or DNS records (A, AAAA, MX, etc.). An SPF record starts with v=spf1, followed by the specification of the authorized servers and the final instruction on how to handle emails from servers not listed.

The following example allows servers according to the MX- and A-record of the sender domain as well as the server myserver.nine.ch, and instructs the recipient not to accept emails with this sender domain from all other sources:

v=spf1 mx a include:myserver.nine.ch -all

Statements that follow a minus (-) exclude the listed server. In contrast, servers that follow a plus (+) are allowed. Note that the plus sign can also be omitted - as in the example above.

Creating an SPF entry in Cockpit:

  1. log into the cockpit
  2. Switch to the DNS tab
  3. Open DNS zone
  4. Create a new TXT record and fill it with the SPF instructions.