Loading

Sender Policy Framework and Salesforce SPF Records

Publiceringsdatum: Sep 22, 2023
Beskrivning

Sender Policy Framework

Sender Policy Framework (SPF) is a simple email validation system designed to detect email spoofing. SPF provides a process to verify which providers can send emails on your behalf. It also aims to reduce spam and fraud by making it harder for anyone to hide their identity.

If you send an email from a Salesforce application and your domain is ABC.com, you can create an SPF record which authorizes Salesforce.com mail servers as allowed for the ABC.com domain. When the recipient receives your email, it checks the SPF record of ABC.com to determine if it is a valid email. The message will have a high chance of delivery if it is validated using SPF.

Salesforce has implemented an SPF record for our domain and we encourage our customers to implement SPF records for their domains as well. 

 

Entry to include in your SPF record

The appropriate entry to include in your SPF record when sending mail from the Salesforce application is _spf.salesforce.com.

Please only use '_spf.salesforce.com' as there are a variety of SPF records for the salesforce.com domain that are for other uses and are not relevant to sending mail from the Salesforce application. Review Include Salesforce in Your SPF Record.

Lösning


Sample SPF record

As an example, an SPF record would be similar to:

  • v=spf1 mx include:_spf.salesforce.com ~all

It could also be similar to:

  • v=spf1 mx ip4:204.14.234.64/28 ip4:204.14.232.64/28 ip4:182.50.78.64/28 ip4:96.43.144.64/31 ip4:96.43.148.64/31 include:_spf.salesforce.com ~all

 

Create an SPF record

To help create an SPF record from scratch, you can use tools like the SPF Record Generator from MXToolbox.

For reference, the current format of the record _spf.salesforce.com uses a macro similar to exists:%{i} which covers all the needed Salesforce MTA IPs without the need to explicitly list them.

Also See: SPF and DKIM alignment fails
 

Test and validate SPF Records

To confirm that the SPF for the Salesforce record and Salesforce IPs pass validation checks, use the SPF Query Tool from Kitterman.com.

 

  1. With the tool open, go to the 'Test SPF Record' section.
  2. Enter your SPF policy details (not the one shown in the example below) and use an address in your domain.
  3. Click Test SPF Record.
  4. You should see that it passes with an output similar to the example below:

 

Example SPF policy details:

  • IP address: 13.108.238.141
  • SPF Record: v=spf1 ip4:85.222.130.192/26 ip4:85.222.138.192/26 ip4:96.43.144.0/20 ip4:136.146.128.64/27 ip4:136.146.208.0/21 ip4:136.147.32.0/19 ip4:182.50.78.64/28 exists:%{i}._spf.mta.salesforce.com -all
  • Mail From address: myaddress@salesforce.com
  • HELO/EHLO Address: myaddress@salesforce.com 
 
Example output:

Mail sent from this IP address: 13.108.238.141 
Mail Server HELO/EHLO identity: myaddress@salesforce.com 

HELO/EHLO Results - PASS sender SPF authorized

Knowledge-artikelnummer

000382664

 
Laddar
Salesforce Help | Article