Ensure that your AWS Route 53 hosted zones contain, for each MX record available, a TXT DNS record with a corresponding Sender Policy Framework (SPF) value. The SPF record enables your Route 53 registered domains to publicly state which mail servers are authorized to send emails on their behalf.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Implementing SPF (Sender Policy Framework) records for your AWS Route 53 domain names will help you detect and stop email address spoofing in order to reduce spam and increase your domains' trustworthiness.
Note: This guide assumes that your Route 53 domain names are using MX records for defining the servers that should handle the email delivery.
To determine if your Route 53 DNS hosted zones contain corresponding SPF entries for MX records, perform the following:
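One way to script this check, as an added example that is not part of the original guide: it reads record sets in the shape returned by the Route 53 ListResourceRecordSets API and reports, for each name with an MX record, whether a matching SPF TXT record exists. It goes slightly beyond the guide by also flagging multiple SPF records on one name and by ignoring the deprecated SPF record type (RFC 7208); the sample data and all function names are constructed for illustration.

```python
import re

# Constructed sample, shaped like the "ResourceRecordSets" list that
# Route 53 ListResourceRecordSets returns for a hosted zone.
def _rs(name, rtype, *values):
    return {"Name": name, "Type": rtype,
            "ResourceRecords": [{"Value": v} for v in values]}

SAMPLE_RECORD_SETS = [
    _rs("example.com.", "MX", "10 mail.example.com."),
    _rs("example.com.", "TXT", '"v=spf1 mx " "-all"', '"verify=constructed"'),
    _rs("shop.example.com.", "MX", "10 mail.example.com."),
    _rs("shop.example.com.", "TXT", '"v=spf10 mx -all"'),   # wrong version tag
    _rs("news.example.com.", "MX", "10 mail.example.com."),
    _rs("news.example.com.", "TXT", '"v=spf1 mx -all"', '"v=spf1 a ~all"'),
    _rs("Old.example.com.", "MX", "10 mail.example.com."),
    _rs("old.example.com.", "SPF", '"v=spf1 mx -all"'),     # legacy type only
]

def txt_value(raw):
    """Join the quoted character-strings of one TXT value into one string."""
    parts = re.findall(r'"((?:[^"\\]|\\.)*)"', raw)
    return "".join(parts) if parts else raw

def is_spf(text):
    """True if the TXT content is an SPF record (version tag 'v=spf1')."""
    t = text.lower()
    return t == "v=spf1" or t.startswith("v=spf1 ")

def audit_spf(record_sets):
    """Return {mx_name: 'ok' | 'missing' | 'multiple'} for every MX name."""
    mx_names, spf_count = set(), {}
    for rs in record_sets:
        name = rs["Name"].lower().rstrip(".")   # DNS names are case-insensitive
        values = [rr["Value"] for rr in rs.get("ResourceRecords", [])]
        if rs["Type"] == "MX":
            mx_names.add(name)
        elif rs["Type"] == "TXT":               # type "SPF" is deliberately ignored
            hits = sum(is_spf(txt_value(v)) for v in values)
            spf_count[name] = spf_count.get(name, 0) + hits
    status = {0: "missing", 1: "ok"}
    return {n: status.get(spf_count.get(n, 0), "multiple") for n in sorted(mx_names)}

if __name__ == "__main__":
    for name, state in audit_spf(SAMPLE_RECORD_SETS).items():
        print(f"{name}: {state}")
```

Names reported as `missing` or `multiple` are the ones that need a single, valid SPF TXT record set.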
To create SPF record sets for the corresponding MX records within your Route 53 DNS hosted zones, perform the following: