The Sender Policy Framework (SPF) is a validation method for detecting e-mail spoofing. Email spoofing is the creation of email messages with a spoofed sender address. SPF therefore checks whether e-mails are sent via servers that are not authorized to send e-mails.
As a result of SPF, our simulated phishing emails may sometimes be falsely marked as spam or phishing. To prevent this, we recommend adding SoSafe to your SPF entries. Your SPF entries could look something like this:
Start with the SPF version that classifies the entry as SPF. An SPF entry should always start with the version number "v=spf1".
After inserting the SPF version tag "v=spf1", all IP addresses authorized to send e-mails should follow. For example: v=spf1 ip4: 188.8.131.52 ip6: 2a00:f820:417:2:51:92:b48a:f910
In our case, all necessary IP addresses are included using the includes described in step 3.
Next, add an include tag for SoSafe IPs: "include: spfv4.sosafe.de" and "include: spfv6.sosafe.de". This will authorize our mail servers as allowed mail servers for your domain.
Once you have implemented all IP addresses and inserted tags, you should close your entry with a "-all" tag. The "all" tag is an important part of the SPF entry as it indicates which policy (e.g. reject the email or mark it as spam) should be applied.
-all: Fail - Servers not listed in the SPF entry are not allowed to send email (non-compliant emails are rejected).
~all: Softfail - If the email is received from a server that is not listed, the email is marked as softfail (emails are accepted but marked).
+all: We strongly recommend not to use this option, this marking allows any server to send email from your domain.
Attention: Please note that your SPF entry must not be longer than 255 characters and must not contain more than 10 include tags, also called "lookups". Please note that the "nested lookups" also count. If an entry has an A and MX lookup, both count as lookups for your domain.