Filtering with the Sender Policy Framework

SPF is an authentication standard used to link a domain name and an email address. it allows email clients to verify that incoming email from a domain comes from a host authorized by the administrator of this domain.

Add a DNS TXT record for SPF

A new DNS record is added into the doe-family.com DNS zone. It declares that only the server specified in the MX record is allowed to send messages on behalf of Doe’s family.

doe-family.com.          TXT "v=spf1 +mx -all"

TODO: add commands

For incoming messages, SPF is configured to check that the sending host is authorized to use the doe-family.com according to published SPF policy. Rules are executed at the mail stage.

Edit the /etc/vsmtp/domain-enabled/filter.vsl file and add the following rule.

#{
  mail: [
    rule "check spf" || spf::check("both", "soft"),
  ]
}

Preventing spams using SPF

See the spf::check reference for more details.