SystemMen - This article, I will guide you how to configure SPF for Zimbra mail server 8.8.12.
Next of the article configuring DKIM, we will now continue to configure the SPF.
What is an SPF?
Right, first, we need to know what SPF is? Why do we need to configure it?
According to Zimbra, SPF defines:
Sender Policy Framework (SPF) is an email validation system, designed to prevent unwanted emails using a spoofing system. To check this common security problem, SPF going to verify the source IP of the email and compare it with a DNS TXT record with a SPF content.
So, like DKIM, SPF help the receiving mail system confirm whether the email sent is real or fake?
Validating through the contents of the DNS record contains the IP of the mail server.
You can look at the image below and find out more information about it at this page.
So can you understand why we need to configure it?
That’s because every email that your Zimbra server sends, other mail servers around the world will check for SPF information before deciding whether to put it in inbox or spam or block mail.
Configure SPF for Zimbra mail server
Actually, it’s because you’re running the mail server with Zimbra. And your mail domain is on this server.
The SPF configuration is not the same as DKIM, it does not manipulate anything on the Zimbra server. In essence, it is understandable that we are configuring SPF for domain mail, rather.
Note: SPF needs to be configured on public DNS, not on Zimbra server or your internal DNS.
Use SPF Record Generator to create an SPF record
Again, we will use MXToolbox again to do this. Why is that? This is because we need to create a public DNS record. But what is the content of that record?
MXToolbox provides a tool called SPF Record Generator. You only need to declare your information in the data fields.
And this tool will create content for DNS records for you.
- Step 1: type domain mail domain to box name
Domain Name or URL
and press buttonCheck SPF Record
. - Step 2: fill all data fields in
SPF WIZARD
to get final dns record.
At the “How strict should should the SPF Policy be?”
You have 4 choices (this explanation is based on information from Zimbra):
--
: do not choose anythingStrict
: will only mark the email like pass if the source Email Server fits exactly, IP, MX, etc. with the SPF entryNeutral
: without policySoft Fail
: allows to send the email, and if something is wrong will mark it like softfail
Usually, we will choose number 4.
Create DNS record for SPF
Based on the content Suggested Record, you need to create a record with the following content:
Host record | Type | Value |
@ | TXT | “v=spf1 a mx a:mail.yourdomain.com ip4:192.168.10.10 ~all” |
Note: Put content Value
of SPF records in double quotes
Check that the SPF record is set correctly
You open the SPF test tool on MXToolbox. Enter your domain and click SPF Record Lookup
button.
The returned result should look like the image below. Every Test step is green.
Conclusion
So I showed you how to configure SPF for Zimbra mail server successfully. You can do the same with all domains in your Zimbra server. For each new domain, simply repeat the creation of the SPF record as in this article. Next article, I will talk about DMARC.
«« Configure DKIM for Zimbra mail server 8.8.12Configure DMARC for Zimbra mail server 8.8.12 »»
Thank You Sir , it`s useful for me to learn more