RollerNet Help | SPF Filter

Sender Policy Framework (SPF) is a method to protect the sender address from joe-jobs, phishing, spoofing, and other forgery. The SPF filter settings allow you to customize how our SPF filter works for you. We recommend enabling the SPF filter for all mail domains.

Important: if you are using an SPF filter on your mail server, it will return false SPF results since all mail will appear to come from our servers and conflict with published SPF records. We do not recommend performing SPF checks on downstream connections from our servers. (See Appendix F of RFC 7208 for more information.)

Our SPF filter allows you to customize the actions of SPF lookup results.

Accept - message passes SPF filter.
Defer - return a 4xx defer message to the client.
Reject - return a 5xx reject message to the client.

The following results may be returned by the SPF filter:

Pass - The SPF record designates the host to be allowed to send.
Fail - The SPF record has designated the host as NOT being allowed to send.
SoftFail - The SPF record has designated the host as NOT being allowed to send but is in transition.
Neutral - The sender makes no assertion about the status of the client IP.
None - There is no SPF record for this domain.
TempError - The DNS lookup encountered a temporary error during processing.
PermError - The domain has a configuration error in the SPF record or defines an invalid mechanism.

In our experience we've found it's generally safe to choose "Reject" for SoftFail results. The PermError result is due to an incorrect SPF record; the administrator of the sending side will need to correct it. TempError can also be trigged by a bad DNS configuration on the sender side.

When SPF is enabled for your domain, the "Received-SPF" will be added by our SPF filter to the message headers with the lookup result. SPF results are also available in the "Authentication-Results" header.