Sender Policy Framework

From Wikitech

SPF is a framework for validating outgoing mail, which gives the receiving side useful information for spam filtering. The main goal is to cause spoofed mail to be correctly identified as such. It should also improve our odds of getting fundraiser mailings into inboxes rather than spam folders.

The October 8 change will be simply a matter of adding a TXT record to the DNS zone: IN TXT "v=spf1 ip4: ip4: ip6:2620:0:860::/46 ip4: ?all"

The record is a list of subnets that we identify as senders (all WMF subnets, Google Apps, and the fundraiser mailhouse). The "?all" is a "neutral" policy: it doesn't state either way how mail should be handled.

Eventually we'll probably bump "?all" to a stricter "~all" aka SoftFail, which tells the receiving side that only mail coming from the listed subnets is valid. Most ISPs will route 'other' mail to a spam folder based on SoftFail.

I was under the impression that ~all softfail is not an assertion that something is not authorized and the only way to actually assert that is with -all hardfail.