Checking your SPF Record

When configuring an email application to use the Scomis/SWGfL Smart hosts, it is essential that you check that your Domain SPF Record allows Scomis to send email on behalf of your email domain.

SPF, or Sender Protection Framework, as a system that prevents unauthorised computers from sending email from your internet domain name.  This significantly reduces spam across the internet, since email can only be sent from approved servers.

The first thing to check is whether your domain has an SPF record.  Use an external tool such as https://mxtoolbox.com/spf.aspx to look up your email domain.

The Scomis.org domain has the following SPF record published.

v=spf1 a:scomis.org a:scomiaa1.miniserver.com ip4:62.171.219.110 ip4:61.171.216.0/24 include:_spf.newzapp.co.uk ~all

This specifies that the servers at scomis.org and miniserver.com can send email from a scomis.org email account.  The record also specifies that specific IP addresses (in this case SWGfL email servers) can also send email.  The SPF record also specifies that a third party (newzapp) can send email from a scomis.org email account.  The last element ~all specifies to soft fail the email.

If your school has migrated email to Office 365, Microsoft will often recommend that the following SPF record replaces any existing SPF records.

v=spf1 include:spf.protection.outlook.com -all

This entry will prevent any other email server from sending email from your school domain.  This means that the Scomis/SWGfL smart hosts can’t be used.  For example, it is possible to modify the record so that the Smart Host IP address ranges can send email on behalf of the school domain.

v=spf1 ip4:62.171.219.110 ip4:61.171.216.0/24 include:spf.protection.outlook.com -all

Using services such as https://www.kitterman.com/spf/validate.html will allow you to validate domain SPF records.

Posted in SIMS.net.