[Mail] DNS SPF Record (TXT) Configuration: An Example Guide

Intro

The DNS SPF record lets a receiving server verify the sending IP address through a DNS lookup.

Sender Policy Framework – SPF Record Syntax


Rules

SPF is published as a DNS TXT record:

"v=spf1 +a +mx +ip4:139.162.80.137 -all"

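Here v=spf1 indicates the SPF version in use.

Qualifiers:

+: Pass means allow; this is the default qualifier.
-: Fail means reject. -all means every host other than those listed is rejected; the result is marked Hard Fail and the message is not accepted.
~: SoftFail means reject. ~all means every host other than those listed is rejected; the result is marked Soft Fail, but the message is still accepted.
?: Neutral means there may be other domains; the receiving host will still accept the message.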


Configuration examples

ip4: only these two IPv4 addresses may send mail for this domain

"v=spf1 ip4:139.162.80.137  ip4:139.162.40.12  -all"

ip4: example with a Class C mask (/24)

"v=spf1 ip4:139.162.80.137/24  -all"

a: matches the A record

"v=spf1 a:smtp1.domain.com a:smtp2.domain.com  -all"
"v=spf1 a:domain.com/24  -all"

include: triggers recursive evaluation through check_host()

"v=spf1 include:example.com include:example.org -all"
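The evaluation order described above (terms read left to right, first match wins, include recursing into check_host()) can be followed in this added example, which is not code from the original post. It covers only ip4, include and all. The TXT dictionary is constructed sample data standing in for DNS, and the depth cap is a simplification of the RFC 7208 limit of 10 DNS-querying terms per check.

```python
import ipaddress

QUALIFIERS = {"+": "Pass", "-": "Fail", "~": "SoftFail", "?": "Neutral"}

# Constructed TXT data standing in for DNS, so the example runs offline.
TXT = {
    "example.com": "v=spf1 ip4:139.162.80.137/24 include:example.org -all",
    "example.org": "v=spf1 ip4:139.162.40.12 ~all",
}

def check_host(ip, domain, txt=TXT, depth=0):
    """Return the SPF result for ip sending as domain (ip4, include, all only)."""
    if depth > 10:  # simplified guard against include loops
        return "PermError"
    terms = txt.get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "None"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"  # "+" is the default when no qualifier is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            try:
                # strict=False accepts host bits, as in 139.162.80.137/24
                matched = addr in ipaddress.IPv4Network(arg, strict=False)
            except ValueError:
                return "PermError"
        elif name == "include":
            inner = check_host(ip, arg, txt, depth + 1)
            if inner in ("None", "PermError"):
                return "PermError"
            matched = inner == "Pass"  # only an inner Pass counts as a match
        else:
            raise NotImplementedError(f"{name!r} needs live DNS; not covered here")
        if matched:
            return QUALIFIERS[qualifier]
    return "Neutral"  # no term matched
```

Note that a SoftFail inside an included record does not end the evaluation: the outer record continues to its own remaining terms, so the outer -all still decides the result.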

SPF result table

| Result | Explanation | Intended action |
|---|---|---|
| Pass | The SPF record designates the host to be allowed to send | accept |
| Fail | The SPF record has designated the host as NOT being allowed to send | reject |
| SoftFail | The SPF record has designated the host as NOT being allowed to send but is in transition | accept but mark |
| Neutral | The SPF record specifies explicitly that nothing can be said about validity | accept |
| None | The domain does not have an SPF record or the SPF record does not evaluate to a result | accept |
| PermError | A permanent error has occurred (e.g. badly formatted SPF record) | unspecified |
| TempError | A transient error has occurred | accept or reject |
