Difference between revisions of "Postfix: Setup DNS spf"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) (Created page with "Caranya: Name/Host/Alias: Enter @ or leave it blank. Your other DNS records might indicate which entry is correct. Time to Live (TTL): Enter 3600 or leave the default. Val...") |
Onnowpurbo (talk | contribs) |
||
| Line 7: | Line 7: | ||
Misalnya: | Misalnya: | ||
| − | onnocenter.or.id. IN TXT "v=spf1 include:_spf.google.com ~all" | + | onnocenter.or.id. IN TXT "v=spf1 mx include:_spf.google.com ~all" |
| + | |||
| + | |||
| + | Example 2 Allow mail from a specific host: | ||
| + | |||
| + | v=spf1 a:mail.example.com -all | ||
| + | |||
| + | The v=spf1 tag is required and has to be the first tag. | ||
| + | |||
| + | The last tag, -all, indicates that mail from your domain should only come from servers identified in the SPF string. Anything coming from any other source is forging your domain. An alternative is ~all, indicating the same thing but also indicating that mail servers should accept the message and flag it as forged instead of rejecting it outright. -all makes it harder for spammers to forge your domain successfully; it is the recommended setting. ~all reduces the chances of email getting lost because an incorrect mail server was used to send mail. ~all can be used if you don’t want to take chances. | ||
| + | |||
| + | |||
Latest revision as of 17:47, 28 April 2019
Caranya:
Name/Host/Alias: Enter @ or leave it blank. Your other DNS records might indicate which entry is correct. Time to Live (TTL): Enter 3600 or leave the default. Value/Answer/Destination: Enter v=spf1 include:_spf.google.com ~all
Misalnya:
onnocenter.or.id. IN TXT "v=spf1 mx include:_spf.google.com ~all"
Example 2 Allow mail from a specific host:
v=spf1 a:mail.example.com -all
The v=spf1 tag is required and has to be the first tag.
The last tag, -all, indicates that mail from your domain should only come from servers identified in the SPF string. Anything coming from any other source is forging your domain. An alternative is ~all, indicating the same thing but also indicating that mail servers should accept the message and flag it as forged instead of rejecting it outright. -all makes it harder for spammers to forge your domain successfully; it is the recommended setting. ~all reduces the chances of email getting lost because an incorrect mail server was used to send mail. ~all can be used if you don’t want to take chances.