This help section describes the SPF test and the related settings available under the page in the navigation.
Sender Policy Framework (SPF) is an email authentication protocol which allows domain owners to publish a policy to stop email forgery in the name of the domain. In short, the policy defines which IP addresses are authorized to send emails in the name of the publisher domain. The policy is published as a DNS record on the DNS server authoritative for the domain, so it can be checked via a simple DNS query.
Click the Settings button to configure the SPF test feature of ORF. More information is available in the SPF Settings section.
Because ORF validates the email origin IP address, it is crucial to configure ORF to check the right IP address.
Enabling the SPF test with incorrect Intermediate Host List settings will cause false positives.
The Intermediate Host List tells ORF which hosts may receive the email before ORF gets them. ORF tracks the original host IP address back based on this information. If the Intermediate Host List contents are incomplete or incorrect, the intermediate relayer's IP address will be checked against the SPF policy of the sender domain, which will eventually result in email blacklisting (as the relaying host is doubtfully listed as an authorized sender).
Visit the SPF website at http://www.open-spf.org/.
Please visit the SPF website to learn more about publishing an SPF policy for your domain. We also offer an SPF Syntax Validator and an SPF Checker on our website for testing your policy.
ORF implements RFC7208, published in April 2014, and its updates (RFC7372, RFC8553, RFC8616).
Verification results are recorded in the Authentication-Results header as specified in RFC8601.
The optional Received-SPF header is not appended by ORF to emails. ORF also does not do HELO-first checking, which is an optional feature of the standard.