• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Local SPF-Rules

m3lezZ

m3lezZ

Regular Pleskian
Plesk Guru
Hey friends,

i have a few questions with spf-records in plesk. I have read the docs.plesk but it doesn't answered all my questions.

#1
What are local SPF rules and what are their implications?

#2
What are SPF estimation rules and how do they work?

Thank you and best regards!
 
Plesk-Support answered my questions, here to share information with you:


#1
What are local SPF rules and what are their implications?

SPF fights return-path address forgery and makes it easier to identify spoofs.
The rules are set in the DNS records and you decide how you would like to setup them.
Let me show you couple of examples:

example.com IN TXT "v=spf1 mx -all"
This mean that mail from [email protected] can be sent only from his MX record. There can be used other options. If other servers send mail from domain.com, you can describe them by giving "arguments" to the a:, mx:, ip4:, and ptr: mechanisms. mx: takes domain names and approves all the MX servers of these domains.

Example:
"v=spf1 a mx a:example.com -all"
Mail can be sent from his MX and from example.comserver.

You can find more information in the following article. Also, you can found a link to record generator there:
What is the SPF? How to configure and use SPF on Plesk server?

The behavior of SPF, therefore, the implications of rules, can be set in Tools&Settings - Mail server settings - SPF checking mode. You can find a thorough description of the modes here:
https://docs.plesk.com/en-US/onyx/administrator-guide/mail/antispam-tools/sender-policy-framework-system-linux.59435/

#2
What are SPF estimation rules and how do they work?

If this questions wasn't answered in the first section, please, let me know what exactly do you mean by "estimation rules". If you would like to know more about SPF mechanisms, I can suggest to take a look to its RFC:
RFC 4408 - Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1

#3
How does Plesk check AAAA-Records and how does it process them?
It depends of the type of ip being set. When
<ip> is an IPv4 address, A records are fetched, when <ip> is an IPv6
address, AAAA records are fetched.

The rules for ipv6 addresses can be set in the DNS TXT records as well as rules for both types of ip. Let me share an example with you:
"v=spf1 ip4:XX.XX.XX.XX ip6:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX ~all"
 
Finally, there were 2 more questions on this topic I share here in addition:

In our case, the DNS management takes place externally and not via the Plesk system itself where SPF entries have been defined. Therefore, Plesk would not have to be defined as the external access?

In this case, there are two ways:
1. If you use DNS management, you need to synchronize it with external DNS systems.
Either manually, or with some kind of automated scripting/DB queries or even an extension (this last is already available in extensions catalog)

2. If you don't need to use Plesk's DNS management, then
Plesk Tools&Settings > Mail settings > SPF will only checks for incoming mail, and Plesk will do regular DNS queries
And if the domain's DNS is managed externally, Plesk server will check those external servers.

Does Plesk's SPF check with the "AAAA" in the entry clear to the resolution of the IPv6?
AAAA record is being checked when ipv6 address is in a rule, yes.
 
Hi. I'm really a Newbie all round. I have something to ask on this please. I've got Plesk on a 1&1 server and I'm setting up records in DNS to prevent spam etc.
Can anyone tell me whether you add a DNS Record likd SPF, DKim and DMarc on the Domain of the server, or in the DNS entries in the Control Panel of 1&1.
I've created an SPF Record in Plesk, but external cheks on whatsmydns etc say it doesn't exist?
Thanks
 
You must log in or register to reply here.

Similar threads

nuno.pereira
Question SPF activation with relay server
Replies
4
Views
795
nuno.pereira
nuno.pereira
F
Resolved Error code: (26) DNS lookup failure, failed SPF check - spf.trusted-forwarder.org gone?
Replies
5
Views
2K
Peter Debik
P
P
Issue SPF error sending IP 127.0.0.1
Replies
8
Views
2K
Peter Debik
P
B
Issue Assistance Required: Correct DNS Settings for Mail Servers in Plesk
Replies
0
Views
386
BHK
B
C
Issue DKIM and SPF do not align with RFC5322. Then DMARC result is fail.
Replies
2
Views
664
cmartinez127
C
Back
Top