This help section describes the SPF Test Settings dialog of ORF.
SPF evaluation may end with a limited set of results. One of them is SPF "fail", which means that the sending host is explicitly forbidden from sending in the name of the sender domain. The SPF "softfail" result indicates that the sending host is suspicious and may not send in the domain. Enable this option to blacklist the email not only on SPF "fail", but on "softfail" as well.
Some major domains have not progressed to SPF "softfail" or "fail" yet, but report SPF "neutral" on possible forgery attempts. SPF "neutral" states that the policy publisher neither permits, nor denies the sender as legitimate for the domain. Yet, you can expect SPF "pass" result from legitimate senders. By enabling this option and adding these domains to the list, you can still blacklist on SPF "neutral" from the domains listed.
Note that this explicitly overrides the intent of the policy publisher, so use this option very carefully.
Control how much time ORF may spend with evaluating the SPF policy. As evaluation may require an excessive amount of DNS lookups, it is recommended to limit the maximum time to avoid email transmission timeouts.
SPF policies may contain references to other domain's SPF policy. This value controls the maximum number of embedded references to be followed.
Use this list to exclude specific senders from the SPF test by the sender email address or domain.
Use this list to exclude specific senders from the SPF test by the sender IP address or network range.
Some policy publishers add explanation (called the "EXP modifier") to their policy, which can be appended to the SMTP response sent on email rejection. Set this option to evaluate and append this modifier to the response. Consider that evaluating the EXP modifier requires performing additional DNS lookups, so it takes time and resources.
Set this checkbox to log SPF evaluation results, even if the email was not blacklisted. The evaluation result appears in the log as a separate entry and logged only if the sender published an SPF policy.