You probably have experienced one kind of abuse or another of your e-mail address yourself in the past, e.g. when you received an error message saying that a message allegedly sent by you could not be delivered to the recipient, although you never sent a message to that address. This Problem name Sender Address Forger.
The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery. More precisely, the current version of SPF — called SPFv1 or SPF Classic — protects the envelope sender address, which is used for the delivery of messages.
I use SPF in Plesk server. Until now there’s no more kind of abuse in my domain. That’s work
Define an SPF record
v=spf1 [[pre] type ] ... [mod]
Where:
v=spf1
Mandatory. Defines the version being used. Currently the only version supported is spf1.
Pre
Optional (defaults to +). pre defines the code to return when a match occurs. If a test is conclusive either add + or omit (defaults to +). If a test might not be conclusive use "?" or "~" (tilde). "-"(minus) is typically only used with -all to indicate that if we have had no previous matches - fail.
Value Description
+ Default. Pass.
- Fail.
~ Softfail.
? Neutral.
Type
These types define a verification mechanism.
1. ip4 - use IP Version 4 addresses e.g. 192.168.3.0 for verification
2. ip6 - use IP Version 6 addresses for verification
3. a - use DNS A RRs for verification
4. mx - use DNS MX RRs for verification
5. ptr - use DNS PTR RRs for verification
6. exists - test for existence of domain
MOD
Two optional record modifiers are defined. If present they should follow the last type directive i.e. after the all
This is setting in my plesk server.
And also don’t forget to input to DNS Record :
An example Policy:
example.net. TXT "v=spf1 mx a:pluto.example.net include:aspmx.googlemail.com -all"
v=spf1 SPF version 1
mx the incoming mail servers (MXes) of the domain are authorized to also send mail for example.net
a:pluto.example.net the machine pluto.example.net is authorized, too
include:aspmx.googlemail.com everything considered legitimate by gmail.com is legitimate for example.net, too
-all all other machines are not authorized
Enable Spam Protection
