The Sender Policy Framework

If you host your own mail server, (such as Exim), you should be able to configure your server to filter incoming email based on the SPF record of the domain, (if one exists).

Also, if your ISP allows you to edit the TXT SPF record for your domain, you can set this to allow others to reject mail which claims to be from you but originated elsewhere.

SPF rules

The following is a quick overview of how SPF rules are written, please do not use it as a definitive guide, check out the Sender Policy Framework website for full documentation.

The basic SPF options are:

What to do with everything not otherwise defined.
Domain name ‘A’ record. Allow mail where the IP address matches the A record for the domain.
Match IP against server listed in MX record for domain.
The hostnames for the client IP are checked using PTR. At least one A record for a PTR hostname must match the IP.
An IPv4 network range
an IPv6 network range.

...and the following qualifiers may be used

Soft-fail (accept but mark)


v=spf1 a mx -all
The domain IP address (listed in the A record), and the listed MX for the domain can send mail for the domain, all others are prohibited.

v=spf1 -all
The domain sends no mail at all.