Ensure that your Amazon Route 53 hosted zone has a TXT record that implements the Sender Policy Framework (SPF) for the corresponding MX record available within the DNS zone. The Sender Policy Framework enables your AWS Route 53 registered domain to publicly state which mail servers are authorized to send emails on its behalf.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
Implementing Sender Policy Framework (SPF) for your Amazon Route 53 domain name will help you detect and stop email address spoofing in order to reduce spam and increase your domain trustworthiness.
Note: This conformity rule assumes that your Route 53 domain name is using an MX record for declaring the server(s) that should handle the email delivery.
Audit
To determine if your Amazon Route 53 hosted zone contains a TXT DNS record with SPF information for the corresponding MX record, perform the following actions:
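One way to script this check over a hosted zone's record sets, as an added example (not Cloud Conformity's own audit procedure): it reports every name that has an MX record but no SPF TXT record, and also flags names with more than one SPF record. It assumes input shaped like the `ResourceRecordSets` list from `aws route53 list-resource-record-sets`; the function names and the sample zone are constructed for illustration.

```python
import re

# Constructed sample, shaped like the "ResourceRecordSets" list returned by
# `aws route53 list-resource-record-sets`; all names and values are made up.
SAMPLE_RECORD_SETS = [
    {"Name": "example.com.", "Type": "MX",
     "ResourceRecords": [{"Value": "10 mail.example.com."}]},
    {"Name": "example.com.", "Type": "TXT", "ResourceRecords": [
        {"Value": '"constructed-verification-token"'},
        # One TXT value split into two character-strings (joined without a space).
        {"Value": '"v=spf1 ip4:192.0.2.0/24 " "-all"'}]},
    {"Name": "shop.example.com.", "Type": "MX",
     "ResourceRecords": [{"Value": "10 mail.example.com."}]},
    {"Name": "shop.example.com.", "Type": "TXT",
     "ResourceRecords": [{"Value": '"constructed-verification-token"'}]},
    {"Name": "news.example.com.", "Type": "MX",
     "ResourceRecords": [{"Value": "10 mail.example.com."}]},
    {"Name": "news.example.com.", "Type": "TXT", "ResourceRecords": [
        {"Value": '"v=spf1 include:_spf.example.net ~all"'},
        {"Value": '"v=spf1 mx -all"'}]},
    {"Name": "www.example.com.", "Type": "A",
     "ResourceRecords": [{"Value": "192.0.2.10"}]},
]

def txt_value(raw):
    """Join the quoted character-strings of one Route 53 TXT value."""
    parts = re.findall(r'"((?:[^"\\]|\\.)*)"', raw)
    return "".join(parts) if parts else raw

def is_spf(txt):
    """An SPF record is exactly 'v=spf1' or starts with 'v=spf1 ' (RFC 7208)."""
    txt = txt.lower()
    return txt == "v=spf1" or txt.startswith("v=spf1 ")

def audit_spf(record_sets):
    """Map each name that has an MX record to 'ok', 'missing' or 'multiple'."""
    mx_names, spf = set(), {}
    for rs in record_sets:
        name = rs["Name"].lower()
        if rs["Type"] == "MX":
            mx_names.add(name)
        elif rs["Type"] == "TXT":
            values = [txt_value(r["Value"]) for r in rs.get("ResourceRecords", [])]
            spf.setdefault(name, []).extend(v for v in values if is_spf(v))
    findings = {}
    for name in sorted(mx_names):
        count = len(spf.get(name, []))
        # More than one SPF record makes receivers return a permanent error.
        findings[name] = "ok" if count == 1 else "missing" if count == 0 else "multiple"
    return findings

if __name__ == "__main__":
    for name, status in audit_spf(SAMPLE_RECORD_SETS).items():
        print(f"{name:22} {status}")
```
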
Remediation / Resolution
To implement Sender Policy Framework (SPF) for all the corresponding MX records using Route 53 TXT DNS records, perform the following operations:
You are auditing:
Sender Policy Framework In Use
Risk level: Medium