Description
SPF checking (sender validation) can be set up from the MPmail control panel. When SPF checking is enabled, incoming emails will be checked to see if they have been send from a valid source as published in the SPF record for the domain.
Requirements
You will require
- Access to the customer domain internet DNS.
- Admin access to the MPmail control panel.
Process
You will need access to the internet DNS of the domain and any alias domains that are registered in the MPmail control panel to set a TXT record for SPF lookups.
This SPF record must include any servers/systems that you send mail from and also authorize our mail relays to send on behalf of your domain. In order to accomplish this, you must have the following Include statement in your SPF record.
include:spf.mpmailmx.com
A template is:
v=spf1 a:<domain name> include:spf.mpmailmx.com ~all
or
v=spf1 ip4:<IP address> include:spf.mpmailmx.com ~all
Replace parts surrounded by <> with the relevant record.
Important
SPF should contain an include or IP for every service that can send emails on behalf of the domain. The above is simply the SPF that is required for using the MPmail outbound relay to send emails.
If the domain is using any other services that send email on behalf of that domain - for example accounting software or online services, marketing platforms - these also need to have an entry in the SPF record.
As these services are outside of the scope of Manage Protect support, information on these will need to be directed to the organisation that provides the service.
You will then need to wait for the record to be detected by the MPmail control panel. The MPmail control panel has a cached DNS system, this is updated once a day. You will not be able to enable SPF checking until the SPF record has been read and validated.
To confirm it has been validated, in the MPmail control panel, select the domain that you wish to enable SPF checking, and in the left menu go to
Security Settings - Email Authentication.
If any domains have a tick in the SPF status column, SPF checking can be enabled.
Click Activate SPF check
You can choose to check SPF for all incoming emails, or only to check SPF on emails where the sender email address is one of your own domains.
If you click Advanced SPF settings, you can further customise the way that the control panel will perform it's checks, and how it will process SPF failures.
Notes
- Based on the order that the control panel processes incoming emails (refer to MPmail / MParchive - Order of Processing), if a failed SPF check has been set to quarantine the email, this will appear on user quarantine reports as a spam email. However, as SPF checking happens before the allow list is processed, adding an email address to the allow list will NOT stop it being blocked by SPF checking.
- You can override SPF checking using the DOMAIN allow list. You can add an entry of any type, and request that entry to bypass sender validation checking.
