How to: Block Messages That Fail SPF Checks

An SPF record, or “Sender Policy Framework” record, is a DNS record that a domain publishes to define the rules that valid email sent from that domain will follow.

By editing a file named /var/qmail/control/spfbehavior, server administrators can customize whether to accept or reject messages sent to the server by domains without a valid SPF record.

The possible settings are:

  • 0: Never do SPF lookups, don’t create Received-SPF headers

  • 1: Only create Received-SPF headers, never block

  • 2: Use temporary errors when you have DNS lookup problems

  • 3: Reject mails when SPF resolves to fail (deny)

  • 4: Reject mails when SPF resolves to softfail

  • 5: Reject mails when SPF resolves to neutral

  • 6: Reject mails when SPF does not resolve to pass

On most servers, the file will be set to 0 or 1 by default.

Detailed information can be found here.

To Manage Whether to Accept or Reject Messages With SPF Failures

  1. Log in to the server at the CLI as root, either via SSH or from the terminal

  2. At the CLI, use a text editor to open the file /var/qmail/control/spfbehavior. The following example uses the Vim text editor:

    vim /var/qmail/control/spfbehavior
    
  3. By default, the file contains only a single number, generally either 0 or 1. Change it to the number from the list above that corresponds to the desired setting

  4. Save and exit the text editor
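
Steps 2 to 4 can also be done without an interactive editor, which helps when the change has to be validated and repeatable. The script below is an added example, not part of the original article or of qmail itself; the function names, the SPF_FILE variable, the .bak backup copy and the 644 file mode are assumptions of this example.

```shell
#!/bin/sh
# Added example: inspect and change the spfbehavior setting from a script.
SPF_FILE="${SPF_FILE:-/var/qmail/control/spfbehavior}"   # path from this page

# Print the meaning of a setting, using the list on this page; fail on anything else.
spf_describe() {
    case "$1" in
        0) echo "Never do SPF lookups, don't create Received-SPF headers" ;;
        1) echo "Only create Received-SPF headers, never block" ;;
        2) echo "Use temporary errors when you have DNS lookup problems" ;;
        3) echo "Reject mails when SPF resolves to fail (deny)" ;;
        4) echo "Reject mails when SPF resolves to softfail" ;;
        5) echo "Reject mails when SPF resolves to neutral" ;;
        6) echo "Reject mails when SPF does not resolve to pass" ;;
        *) echo "invalid setting '$1' (expected one digit, 0-6)" >&2; return 1 ;;
    esac
}

# Print the current value with surrounding whitespace stripped.
spf_get() {
    [ -r "$SPF_FILE" ] || return 1
    tr -d ' \t\r\n' < "$SPF_FILE"
}

# Validate the new value, keep a backup of the old file, then replace the
# file in one rename so the mail server never reads a half-written file.
spf_set() {
    new="$1"
    spf_describe "$new" >/dev/null || return 1
    if [ -f "$SPF_FILE" ]; then
        cp -p "$SPF_FILE" "$SPF_FILE.bak" || return 1
    fi
    tmp="$SPF_FILE.tmp.$$"
    printf '%s\n' "$new" > "$tmp" || return 1
    chmod 644 "$tmp"   # assumed mode: the SMTP daemon must be able to read it
    mv "$tmp" "$SPF_FILE"
}

# When run with an argument (as root), apply it and report the result.
if [ "$#" -gt 0 ]; then
    spf_set "$1" && echo "spfbehavior=$(spf_get): $(spf_describe "$1")"
fi
```

If a change starts rejecting legitimate mail, copying the .bak file back over spfbehavior restores the previous setting.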