SPF stands for Sender Policy Framework, and is a method by which
the administrator of a domain explicitly specifies which mailservers
are allowed to send mail for his domain. As this is just a TXT record
that is put into the domains DNS zone file, the setup is fairly
straightforward. A very basic SPF for mydomain.com might look like this:



mydomain.com   IN TXT   “v=spf1 a mx ~all”



The above specifes that this is an SPF record for mydomain.com:



v=spf1 - a required header that indicates this is an spf record

a - the A record for mydomain.com is allowed to send email

mx - the MX record for mydomain.com is allowed to send email



~all - all other mailservers trying to send mail will return a code of
“softfail”. The mail will still go through, however it will be a
suspect message



If you wished to allow another server to send mail through that had the
hostname of mail2.mydomain.com, you would modify the record thusly:



mydomain.com   IN TXT   “v=spf1 a mx a:mail2.mydomain.com ~all”



Also, if you wish to give a hard fail, and only allow those servers to send mail, the record would look like:



mydomain.com   IN TXT   “v=spf1 a mx a:mail2.mydomain.com -all”