The Sender Policy Framework (SPF) is as system designed to identify and prevent emails masking their sender address. The domain administrator will create a TXT Resource Record in their DNS Zone, either containing their valid sending server IP address or hostname. The recipient will then compare the information from the Resource Record against the information stored in the email header. If the information does not match, the recipient can reject the email.
We generally recommend to use the SPF filter. Further information on the configuration of the SPF Check can be found in our Manual.
You can enable two different types of SPF filter:
- Type 1: SPF check only gets triggered if an email is received from an internal domain. Then the system will check its own Resource Record.
- Type 2: SPF check will be triggered on any incoming email and will compare the header against any Resource Record if available.
Which type you want to use is up to you. With type 2 the chances of False Positives (emails are being unrightfully filtered) are increased in case the Resource Record contains mistakes or is out-of-date. We recommend starting with type 1 and switch to type 2 if necessary.
Quarantined e-mails can be released in the Control Panel. To avoid a Softfail, customers may add the sender's IP to their allow list. In case of a Hardfail the sender's TXT record has to be adjusted. Other exceptions can be specified via the Compliance Filter.