This post is linked to from the Automated Emails Project
Sender Policy Framework
SPF uses a DNS record published for the sending domain name that lists which hosts are expected to send emails for that domain.
Many VMs use NAT to access the internet. Their ifconfig output won't match the actual internet IP that the emails will send from.
To check your external IP address, execute:
dig +short myip.opendns.com @resolver1.opendns.com
Below, the output of this command will be used as <ext_ip>.
If you have a static public IP address, you can use it as <ext_ip>.
There used to be a site with reference data at openspf.org, but they ran out of funding, so it went offline. You can still get to its reference page from the Wayback Machine.
To configure SPF, first go to your domain registrar's website and create a new entry for your domain. In Cloudflare, you just go to the DNS page. Cloudflare supports both SPF and TXT records; some registrars will only offer TXT. If yours offers both, use both for this.
Create a record for the domain your emails will send from. For instance, if your emails will send from an address at alerts.example.com, create an entry for alerts.example.com.
Check the above linked reference for other options such as using A records, but here's an example of an SPF record stating that emails are expected from the IP address 1.2.3.4. You can also use subnet masks if you own a range.
v=spf1 ip4:1.2.3.4 -all
Set your DNS SPF record, and that's it, you're done. Receiving "milters" might check this and add a few points or whatever towards your sender's trustworthiness.
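Before publishing, it helps to confirm that the record text actually authorizes <ext_ip>. The following is an added example, not part of the original post: an offline sketch that evaluates only the ip4, ip6 and all terms of a record string. The function name evaluate_spf and the sample records are constructed for illustration; terms that need DNS lookups (a, mx, include) are reported as skipped rather than resolved.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def evaluate_spf(record, sender_ip):
    """Evaluate the ip4/ip6/all terms of an SPF record, left to right.

    Returns (result, skipped). 'skipped' lists terms this offline sketch
    does not evaluate because they need DNS lookups (a, mx, include, ...).
    """
    terms = record.split()
    # The version tag must be exactly "v=spf1"; anything else (for example
    # "v=spf") is not an SPF record, so receivers find no policy at all.
    if not terms or terms[0].lower() != "v=spf1":
        return "none", []
    ip = ipaddress.ip_address(sender_ip)
    skipped = []
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier], skipped
        if name in ("ip4", "ip6"):
            try:
                # strict=False accepts host bits, e.g. 1.2.3.4/24
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror", skipped  # malformed address or prefix
            if net.version != int(name[2]):
                return "permerror", skipped  # e.g. an IPv6 value in ip4:
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier], skipped
        else:
            skipped.append(term)
    return "neutral", skipped  # no term matched and no "all" present

if __name__ == "__main__":
    # Constructed sample records and sender addresses.
    samples = [
        ("v=spf1 ip4:1.2.3.4 -all", "1.2.3.4"),
        ("v=spf1 ip4:1.2.3.4 -all", "5.6.7.8"),
        ("v=spf ip4:1.2.3.4 -all", "1.2.3.4"),
        ("v=spf1 ip4:203.0.113.0/24 ~all", "203.0.113.77"),
    ]
    for record, ip in samples:
        print(f"{ip:15} {record!r:40} -> {evaluate_spf(record, ip)}")
```

Pass the output of the dig command above as sender_ip; a result other than pass for your own sending address means the record needs fixing before receivers see it.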