Sender Policy Framework macros or SPF macros are used in an SPF TXT record to make it more dynamic and scalable for optimum email authentication and security. An SPF macro defines character sequences that get replaced by metadata from each message that undergoes SPF validation.
This concept promotes the idea of generating a simplified Sender Policy Framework record that is devoid of long and complicated strings. In some situations, mechanisms, qualifiers, and modifiers don’t suffice, and SPF macros have to be used to instruct recipients’ servers on the management of potentially fraudulent emails dispatched from your domain.
Image sourced from gulfsouthtech.com
These are symbolized by a percentage sign (%) and are constituted of two or more letters, modifiers, and delimiters. Sender Policy Framework macros are assessed and substituted with their corresponding values at the time of email authentication at a receiver’s end.
%s and %d represent the sender’s address and domain name linked with the checked identity, respectively. On the other hand, modifiers like r,l, or o are implemented to retrieve specific elements of the address or domain.
Types of Sender Policy Framework Macros
SPF macros are identified by unique single letters or characters enclosed in curly braces { } and preceded by a percent (%) symbol, signifying distinct components within your SPF record. These are the fundamental macros:
- %{s}: The “s” macro signifies the sender’s email address, as exemplified by Sam@domain.com.
- %{l}: Used to indicate the sender’s local part, as demonstrated by “Sam.”
- %{o}: This designates the sender’s domain, such as “domain.com.”
- %{d}: Similar to “o,” this macro represents the authoritative sending domain, which is typically the same as the sender’s domain, though exceptions may apply.
- %{i}: This is employed to extract the IP address of the message sender, e.g., 503.0.123.7.
- %{h}: The “h” macro represents the HELP/EHLO domain.
There are numerous additional macros that you can specify in your record, but we have listed some of the commonly used ones here.
Use Cases of Sender Policy Framework Macros
As per the expectations of domain owners from email security protocols, SPF macros can untangle an email authentication infrastructure and shorten down the SPF TXT record size. Here are some usual scenarios when macros are introduced in an SPF record-
1. Companies With a Multi-Domain Infrastructure
While SPF macros are especially well-suited for enterprise-level organizations managing multiple domains, they remain a valuable tool for organizations of any size. Macros offer significantly greater flexibility and enhance the efficiency of SPF records when compared to conventional flattening techniques. This ensures the smooth functioning of SPF even in complex multi-domain settings and eliminates the necessity to create multiple SPF records.
2. Large Email Infrastructures
Organizations dealing with intricate email systems may find it necessary to incorporate several SPF mechanisms, with the most efficient approach being the utilization of SPF macros. These macros enable the establishment of references to mechanisms, thereby preventing the SPF record from becoming excessively lengthy and keeping it within the RFC-prescribed limit of 512 octets.