Merge pull request #57 from sk3pp3r/master

trimstray · web-flow · commit 9eefd82ea3fd · 2024-01-16T19:38:45.000+01:00
Update SPF records
diff --git a/README.md b/README.md
@@ -4583,9 +4583,27 @@ python -c "import random,string,crypt; randomsalt = ''.join(random.sample(string
 ###### Network Questions (27)
 
 <details>
-<summary><b>Create SPF records for your site to help control spam. ***</b></summary><br>
+<summary><b>Create SPF records for your site to help control spam.</b></summary><br>
+
+* Start with the SPF version, this part defines the record as SPF. An SPF record should always start with the version number v=spf1 (version 1) this tag defines the record as SPF. There used to be a second version of SPF (called: SenderID), but this was discontinued.
+
+* After including the v=spf1 SPF version tag you should follow with all IP addresses that are authorized to send email on your behalf. For example: <code>v=spf1 ip4:34.243.61.237 ip6:2a05:d018:e3:8c00:bb71:dea8:8b83:851e</code>
+
+* Next, you can include an include tag for every third-party organization that is used to send email on your behalf e.g. <code>include:thirdpartydomain.com.</code> This tag indicates that this particular third party is authorized to send email on behalf of your domain. You need to consult with the third party to learn which domain to use as a value for the ‘include’ statement.
+
+* Once you have implemented all IP addresses and include tags you should end your record with an <code>~all</code> or <code>-all</code> tag. The all tag is an important part of the SPF record as it indicates what policy should be applied when ISPs detect a server which is not listed in your SPF record. If an unauthorized server does send email on behalf of your domain, action is taken according to the policy that has been published (e.g. reject the email or mark it as spam). What is the difference between these tags? You need to instruct how strict servers need to treat the emails. The <code>~all</code> tag indicates a soft fail and the <code>-all</code> indicates a hardfail. The all tag has the following basic markers:<br><br>
+`-all` – servers that aren’t listed in the SPF record are not authorized to send email (not compliant emails will be rejected)<br>
+`~all` – if the email is received from a server that isn’t listed, the email will be marked as a soft fail (emails will be accepted but marked)<br>
+`+all` - we strongly recommend not to use this option, this tag allows any server to send email from your domain<br>
+
+* After defining your SPF record your record might look something like this:
+<code>v=spf1 ip4:34.243.61.237 ip6:2a05:d018:e3:8c00:bb71:dea8:8b83:851e include:thirdpartydomain.com -all</code>
+
+Useful resources:
+
+- [SPF Record Checker](https://www.dmarcanalyzer.com/spf/checker/)
+- [SPF Syntax](https://www.spf-record.com/syntax)
 
-To be completed.
 
 </details>
 
