Sender Policy Framework and Sender ID: Second in 3-Part Series on E-Mail Authentication - Page 4

Outbound e-mail

SPF uses a version 1 SPF record and Sender ID uses a version 2 SPF record. Both versions use essentially the same syntax: once you construct one of them, you can generally reuse its content for the other by changing the record identifier (SPF version 1 records begin with "v=spf1" and SPF version 2 records begin with "spf2.0/pra"). If you have access to the relevant DNS entries, it is generally a good idea to publish both version 1 and version 2 records.

The content of the record uses a special syntax to describe the servers you identified in the prerequisite step. They can be listed by IP address, by IP address range if there are several with related addresses, by domain name or by including an existing SPF record from another domain. The syntax complexity of SPF records generally depends on how widely dispersed your authorized mail servers are. Fortunately, there are wizards available to help construct both SPF version 1 records and SPF version 2 records.

One example of a fairly simple SPF version 1 record is shown in the output of the SPF wizard:


Or as an SPF version 2 record for Sender ID:


For domains that do not send any mail, the record can contain an empty list of authorized mail servers to prevent others from spoofing their domain in malicious e-mail:
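The record construction described in this section, as an added Python example (not the SPF wizard's output and not code from the original article): it turns an inventory of authorized senders into an SPF version 1 record, derives the Sender ID record by swapping the identifier, and builds the empty-list record for a domain that sends no mail. The addresses and host names are constructed documentation values, the function names and the `-all` default are assumptions of this example, and the 10-lookup check comes from RFC 7208 rather than from the article.

```python
import ipaddress
import re

SPF1 = "v=spf1"           # SPF version 1 identifier
SENDER_ID = "spf2.0/pra"  # Sender ID identifier as defined in RFC 4406
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def build_mechanisms(ips=(), hosts=(), includes=(), use_mx=False):
    """Turn an inventory of authorized senders into SPF mechanisms."""
    mechs = ["mx"] if use_mx else []
    for ip in ips:
        # strict=True rejects ranges with host bits set, e.g. 192.0.2.1/24
        net = ipaddress.ip_network(ip, strict=True)
        tag = "ip4" if net.version == 4 else "ip6"
        value = str(net.network_address) if net.num_addresses == 1 else str(net)
        mechs.append(f"{tag}:{value}")
    mechs += [f"a:{h}" for h in hosts]
    mechs += [f"include:{d}" for d in includes]
    return mechs

def build_record(identifier, mechs=(), default="-all"):
    """An empty mechanism list gives the record for a domain that sends no mail."""
    return " ".join([identifier, *mechs, default])

def to_sender_id(spf1_record):
    """Reuse version 1 content for Sender ID by swapping the identifier."""
    ident, _, rest = spf1_record.partition(" ")
    if ident.lower() != SPF1:
        raise ValueError("not an SPF version 1 record")
    return f"{SENDER_ID} {rest}"

def dns_lookups(record):
    """Count terms that cost a DNS lookup; RFC 7208 allows at most 10."""
    names = (re.split(r"[:/=]", t.lstrip("+-~?"), maxsplit=1)[0].lower()
             for t in record.split()[1:])
    return sum(n in LOOKUP_TERMS for n in names)

if __name__ == "__main__":
    # Constructed inventory using documentation address ranges and names
    mechs = build_mechanisms(ips=["192.0.2.0/24", "198.51.100.25"],
                             hosts=["mail.example.com"],
                             includes=["_spf.example.net"], use_mx=True)
    v1 = build_record(SPF1, mechs)
    print(v1)
    print(to_sender_id(v1))
    print("DNS lookups:", dns_lookups(v1))
    print(build_record(SPF1))       # non-sending domain, version 1
    print(build_record(SENDER_ID))  # non-sending domain, Sender ID
```

Publish the resulting strings as TXT records on the domain; a record whose lookup count exceeds 10 should be flattened to IP ranges before it goes live.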