Difference between revisions of "SPF"
(Created page with "{{fmt/title|SPF: Sender Policy Framework}} ==About== SPF (Sender Policy Framework) is an anti-spam protocol in which a DNS record specifies what IP addresses are allowed t...") |
|||
| Line 1: | Line 1: | ||
{{fmt/title|SPF: Sender Policy Framework}} | {{fmt/title|SPF: Sender Policy Framework}} | ||
==About== | ==About== | ||
| − | [[SPF]] (Sender Policy Framework) is an anti-spam protocol in which a DNS record specifies what IP addresses are allowed to send messages with a "from" address coming from that domain. The IP addresses may be specified literally (numerically) or | + | [[SPF]] (Sender Policy Framework) is an anti-spam protocol in which a DNS record specifies what IP addresses are allowed to send messages with a "from" address coming from that domain. The IP addresses may be specified literally (numerically, using [[/term/cidr-length|CIDR address-range syntax]]) or as domain-names. SPF is defined in [https://www.rfc-editor.org/rfc/rfc7208.html RFC 7208] ([https://datatracker.ietf.org/doc/draft-ietf-spfbis-4408bis/21/ status]). |
===DNS Configuration=== | ===DNS Configuration=== | ||
Discussion of the DNS record format is in [https://www.rfc-editor.org/rfc/rfc7208.html#section-3 Section 3]. SPF uses TXT records; there must be only one SPF record per domain or subdomain. A record's contents must start with "<code>v=spf1</code>" in order to be recognized as an SPF record. | Discussion of the DNS record format is in [https://www.rfc-editor.org/rfc/rfc7208.html#section-3 Section 3]. SPF uses TXT records; there must be only one SPF record per domain or subdomain. A record's contents must start with "<code>v=spf1</code>" in order to be recognized as an SPF record. | ||
| − | The remainder of the contents consists of a | + | The remainder of the contents consists of a set of terms, formatted according to these nearly-indecipherable rules: |
| − | + | {{l/sub|term}}s = *( 1*SP ( directive / modifier ) ) | |
directive = [ qualifier ] mechanism | directive = [ qualifier ] mechanism | ||
qualifier = "+" / "-" / "?" / "~" | qualifier = "+" / "-" / "?" / "~" | ||
| − | + | mechanism = ( all / include / a / mx / ptr / ip4 / ip6 / exists ) | |
| − | + | modifier = redirect / explanation / unknown-modifier | |
unknown-modifier = name "=" macro-string | unknown-modifier = name "=" macro-string | ||
; where name is not any known modifier | ; where name is not any known modifier | ||
name = ALPHA *( ALPHA / DIGIT / "-" / "_" / "." ) | name = ALPHA *( ALPHA / DIGIT / "-" / "_" / "." ) | ||
| + | |||
| + | This seems to translate to "one or more terms, where each term starts with either {a ''qualifier'' followed by a ''directive'' (which is a qualifier plus a mechanism)} or a ''modifier'', and multiple terms are separated by spaces". | ||
| + | |||
| + | Tentatively, it's best to think of "modifiers" as a small set of additional directives. It's noted in that they're intended to allow for future expansion | ||
==Links== | ==Links== | ||
* {{wikipedia|Sender Policy Framework}} | * {{wikipedia|Sender Policy Framework}} | ||
* [https://www.rfc-editor.org/rfc/rfc7208.html RFC 7208] ([https://datatracker.ietf.org/doc/draft-ietf-spfbis-4408bis/21/ status]) | * [https://www.rfc-editor.org/rfc/rfc7208.html RFC 7208] ([https://datatracker.ietf.org/doc/draft-ietf-spfbis-4408bis/21/ status]) | ||
Revision as of 17:07, 18 August 2022
|
SPF: Sender Policy Framework
|
About
SPF (Sender Policy Framework) is an anti-spam protocol in which a DNS record specifies what IP addresses are allowed to send messages with a "from" address coming from that domain. The IP addresses may be specified literally (numerically, using CIDR address-range syntax) or as domain-names. SPF is defined in RFC 7208 (status).
DNS Configuration
Discussion of the DNS record format is in Section 3. SPF uses TXT records; there must be only one SPF record per domain or subdomain. A record's contents must start with "v=spf1" in order to be recognized as an SPF record.
The remainder of the contents consists of a set of terms, formatted according to these nearly-indecipherable rules:
terms = *( 1*SP ( directive / modifier ) )
directive = [ qualifier ] mechanism
qualifier = "+" / "-" / "?" / "~"
mechanism = ( all / include / a / mx / ptr / ip4 / ip6 / exists )
modifier = redirect / explanation / unknown-modifier
unknown-modifier = name "=" macro-string
; where name is not any known modifier
name = ALPHA *( ALPHA / DIGIT / "-" / "_" / "." )
This seems to translate to "one or more terms, where each term starts with either {a qualifier followed by a directive (which is a qualifier plus a mechanism)} or a modifier, and multiple terms are separated by spaces".
Tentatively, it's best to think of "modifiers" as a small set of additional directives. It's noted in that they're intended to allow for future expansion