Configure SPF for Zimbra mail server 8.8.12

SystemMen - This article, I will guide you how to configure SPF for Zimbra mail server 8.8.12.

Next of the article configuring DKIM, we will now continue to configure the SPF.

What is an SPF?

Right, first, we need to know what SPF is? Why do we need to configure it?

According to Zimbra, SPF defines:

Sender Policy Framework (SPF) is an email validation system, designed to prevent unwanted emails using a spoofing system. To check this common security problem, SPF going to verify the source IP of the email and compare it with a DNS TXT record with a SPF content.

So, like DKIM, SPF help the receiving mail system confirm whether the email sent is real or fake?

Validating through the contents of the DNS record contains the IP of the mail server.

You can look at the image below and find out more information about it at this page.

So can you understand why we need to configure it?

That’s because every email that your Zimbra server sends, other mail servers around the world will check for SPF information before deciding whether to put it in inbox or spam or block mail.

Configure SPF for Zimbra mail server

Actually, it’s because you’re running the mail server with Zimbra. And your mail domain is on this server.

The SPF configuration is not the same as DKIM, it does not manipulate anything on the Zimbra server. In essence, it is understandable that we are configuring SPF for domain mail, rather.

Note: SPF needs to be configured on public DNS, not on Zimbra server or your internal DNS.

Use SPF Record Generator to create an SPF record

Again, we will use MXToolbox again to do this. Why is that? This is because we need to create a public DNS record. But what is the content of that record?

MXToolbox provides a tool called SPF Record Generator. You only need to declare your information in the data fields.

And this tool will create content for DNS records for you.

• Step 1: type domain mail domain to box name Domain Name or URL and press button Check SPF Record.
• Step 2: fill all data fields in SPF WIZARD to get final dns record.

At the “How strict should should the SPF Policy be?”

You have 4 choices (this explanation is based on information from Zimbra):

1. --: do not choose anything
2. Strict: will only mark the email like pass if the source Email Server fits exactly, IP, MX, etc. with the SPF entry
3. Neutral: without policy
4. Soft Fail: allows to send the email, and if something is wrong will mark it like softfail

Usually, we will choose number 4.

Create DNS record for SPF

Based on the content Suggested Record, you need to create a record with the following content:

Note: Put content Value of SPF records in double quotes

Check that the SPF record is set correctly

You open the SPF test tool on MXToolbox. Enter your domain and click SPF Record Lookup button.

The returned result should look like the image below. Every Test step is green.

Conclusion

So I showed you how to configure SPF for Zimbra mail server successfully. You can do the same with all domains in your Zimbra server. For each new domain, simply repeat the creation of the SPF record as in this article. Next article, I will talk about DMARC.