I’ve been using SPF records without understanding what the syntax meant. I found a post with a quick introduction here:
http://gopher.info-underground.net:70/scottphlog/9997-SPF-Intro.txt
SPF stands for “Sender Policy Framework.” This means, that this is a way for
domain-owners to publish their policy on who is a valid sender of email for
the domain they own.So, let’s look at everybodies first spf record, “v=spf1 +a +mx ~all”. How to
interpret this? Well, spf is read from left to right, so we start with
“v=spf1,” which is just a declaration of what this record is, which is an spf
record written to the standard of version 1." What follows is a space-seperated
list of actions and mechanisms. So in “+a” the plus means “accept email” and
the a is “the a record of this domain.” So if the domain is “email.domain” and
it’s spf record is “v=spf1 +a -all” this (which is the same as “v=spf1 a -all,”
since the plus can be assumed) means “if you get an email that claims to be from
email.domain, accept it if the dns lookup for the a record fordomain.comis
where it came from, if that doesn’t match, reject all other emails.” This can
also be said as “v=spf1 +a:email.domain -all”. Changing the end to ~all means
“softfail,” which means it just gets marked and moved to the spam folder.How about that “+mx?” You guessed it, the mx record of that domain!
(via Hacker Public Radio)
Related: DomainKeys Identified Mail (DKIM)