1. Knowledge Base
  2. MDaemon® Email Server

How to enable SFP Verification and create a simple SPF record

This article details Sender Policy Framework (SPF), how to enable SPF Verification in MDaemon, and how to generate a simple SPF record for a domain.

MDaemon supports Sender Policy Framework (SPF) to help verify sending servers and protect against spoofing and phishing, which are two common types of email forgery in which the sender of the message attempts to make the message appear to be coming from someone else.

Many domains publish MX records in the Domain Name System (DNS) to identify the locations permitted to receive mail for them, but this doesn't identify the locations allowed to send mail for them. SPF is a means whereby domains can also publish sender records to identify those locations authorized to send messages. By performing an SPF lookup on incoming messages, MDaemon can attempt to determine whether or not the sending server is permitted to deliver mail for the purported sending domain, and consequently determine whether or not the sender's address may have been forged or "spoofed".

SPF verification is enabled by default in MDaemon installations.  If MDaemon is accepting mail directly from the outside world, there is little reason to disable SPF verification.

To verify if SPF Verification is enabled:

  1. Open MDaemon
  2. Select Security
  3. Select Security Manager (Security Settings)
  4. Expand Sender Authentication
  5. Select SPF Verification
  6. Verify that Enable SPF verification is checked.

In Remote Administration:

  1. Log in to Remote Administration as the Global Administrator
  2. Select Security
  3. Select Sender Authentication
  4. Select SPF Verification
  5. Verify that Enable SPF verification is checked.
  6. Click Save if any changes are made. 

To create an SPF record for your domain, a TXT record will need to be created in the provider that hosts DNS records for the domain.

A basic record that allows A records and MX records for the domain to send mail as the domain would would look like the following.
v=spf1 a mx -all

SPF records can be as complex or as simple as the record above depending on the number of servers/hosts that are to be allowed to send mail as this domain.  There are a number of SPF record generators and SPF record testers available on the internet to help create and test an SPF record that best suits the domain. 

Click here for more information on SPF.

Click here for more information on SPF record syntax.