Configure SPF for Zimbra mail server 8.8.12

by Daniel Pham
Published: Updated:
This entry is part 5 of 7 in the series Install Zimbra Mail Server 8.8.12

This article, I will guide you how to configure SPF for Zimbra mail server 8.8.12.

Next of the article configuring DKIM, we will now continue to configure the SPF.

What is an SPF?

Right, first, we need to know what SPF is? Why do we need to configure it?

According to Zimbra, SPF defines:

Sender Policy Framework (SPF) is an email validation system, designed to prevent unwanted emails using a spoofing system. To check this common security problem, SPF going to verify the source IP of the email and compare it with a DNS TXT record with a SPF content.

So, like DKIM, SPF help the receiving mail system confirm whether the email sent is real or fake?

Validating through the contents of the DNS record contains the IP of the mail server.

You can look at the image below and find out more information about it at this page.

the image describes how spf works
The image describes how SPF works. Source: Zimbra.

So can you understand why we need to configure it?

That’s because every email that your Zimbra server sends, other mail servers around the world will check for SPF information before deciding whether to put it in inbox or spam or block mail.

Configure SPF for Zimbra mail server

Actually, it’s because you’re running the mail server with Zimbra. And your mail domain is on this server.

The SPF configuration is not the same as DKIM, it does not manipulate anything on the Zimbra server. In essence, it is understandable that we are configuring SPF for domain mail, rather.

Note: SPF needs to be configured on public DNS, not on Zimbra server or your internal DNS.

Use SPF Record Generator to create an SPF record

Again, we will use MXToolbox again to do this. Why is that? This is because we need to create a public DNS record. But what is the content of that record?

MXToolbox provides a tool called SPF Record Generator. You only need to declare your information in the data fields.

And this tool will create content for DNS records for you.

  • Step 1: type domain mail domain to box name Domain Name or URL and press button Check SPF Record.
  • Step 2: fill all data fields in SPF WIZARD to get final dns record.
Configure SPF for Zimbra mail server 8.8.12

At the “How strict should should the SPF Policy be?”

You have 4 choices (this explanation is based on information from Zimbra):

  1. --: do not choose anything
  2. Strict: will only mark the email like pass if the source Email Server fits exactly, IP, MX, etc. with the SPF entry
  3. Neutral: without policy
  4. Soft Fail: allows to send the email, and if something is wrong will mark it like softfail

Usually, we will choose number 4.

Create DNS record for SPF

Based on the content Suggested Record, you need to create a record with the following content:

Host recordTypeValue
@TXT“v=spf1 a mx ip4: ~all”

Note: Put content Value of SPF records in double quotes

Check that the SPF record is set correctly

You open the SPF test tool on MXToolbox. Enter your domain and click SPF Record Lookup button.

The returned result should look like the image below. Every Test step is green.

check that the SPF record is set correctly
Check that the SPF record is set correctly.


So I showed you how to configure SPF for Zimbra mail server successfully. You can do the same with all domains in your Zimbra server. For each new domain, simply repeat the creation of the SPF record as in this article. Next article, I will talk about DMARC.

(This is an article from my old blog that has been inactive for a long time, I don’t want to throw it away so I will keep it and hope it helps someone).

0 0 votes
Article Rating
Series Navigation«« Previous part: Configure DKIM for Zimbra mail server 8.8.12Next part: Configure DMARC for Zimbra mail server 8.8.12 »»

You may also like

Notify of
1 Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Ahmad Solihin
Ahmad Solihin
3 years ago

Thank You Sir , it`s useful for me to learn more

DevOps Lite is a personal blog specializing in technology with main topics about DevOps, DevSecOps, SRE and System Administrator. Articles are shared for free and contributed to the community.



Subscribe my Newsletter for new blog posts. Stay updated from your inbox!

© 2021-2024 – All rights reserved.

Please write sources “” when using articles from this website.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Would love your thoughts, please comment.x

Adblock Detected

Please support us by disabling your AdBlocker extension from your browsers for our website.