Ensure that your Amazon Route 53 hosted zone has a TXT record that implements the Sender Policy Framework (SPF) for the corresponding MX record available within the DNS zone. The Sender Policy Framework enables your registered domains to publicly state which mail servers are authorized to send emails on their behalf.
This rule can help you with the following compliance standards:
- NIST4
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Implementing Sender Policy Framework (SPF) for your Amazon Route 53 domain names helps you detect and stop email address spoofing, which reduces spam and increases your domains' trustworthiness.
Note: This conformity rule assumes that your Amazon Route 53 hosted zones are using MX records for declaring the server(s) that should handle email delivery.
Audit
To determine if your Amazon Route 53 hosted zone contains a TXT DNS record with SPF information for the corresponding MX record, perform the following actions:
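The check this rule describes can be sketched as follows. This is an added example, not Conformity's own code: it reads record sets in the JSON shape printed by `aws route53 list-resource-record-sets --hosted-zone-id <zone-id>`, uses a constructed sample zone, and goes slightly beyond the rule by also flagging names that carry more than one SPF record, which RFC 7208 treats as an error. The function names are hypothetical.

```python
import json
import re

# Constructed sample shaped like `aws route53 list-resource-record-sets` output.
SAMPLE = json.loads(r'''
{"ResourceRecordSets": [
 {"Name": "example.com.", "Type": "MX",
  "ResourceRecords": [{"Value": "10 mail.example.com."}]},
 {"Name": "example.com.", "Type": "TXT",
  "ResourceRecords": [{"Value": "\"v=spf1 mx \" \"-all\""}]},
 {"Name": "news.example.com.", "Type": "MX",
  "ResourceRecords": [{"Value": "10 mail.example.com."}]},
 {"Name": "news.example.com.", "Type": "TXT",
  "ResourceRecords": [{"Value": "\"v=spf10 not-spf\""}]},
 {"Name": "dup.example.com.", "Type": "MX",
  "ResourceRecords": [{"Value": "10 mail.example.com."}]},
 {"Name": "dup.example.com.", "Type": "TXT",
  "ResourceRecords": [{"Value": "\"v=spf1 -all\""},
                      {"Value": "\"v=spf1 mx -all\""}]}
]}''')

def txt_value(value):
    """Join the quoted chunks of one Route 53 TXT value."""
    chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', value)
    return "".join(chunks) if chunks else value

def is_spf(text):
    # An SPF record is "v=spf1" alone or followed by a space (RFC 7208).
    t = text.lower()
    return t == "v=spf1" or t.startswith("v=spf1 ")

def audit_spf(record_sets):
    """Map each MX name lacking exactly one SPF TXT record to a finding."""
    spf = {}
    for rs in record_sets:
        if rs["Type"] == "TXT":
            hits = sum(is_spf(txt_value(r["Value"]))
                       for r in rs.get("ResourceRecords", []))
            spf[rs["Name"].lower()] = spf.get(rs["Name"].lower(), 0) + hits
    findings = {}
    for rs in record_sets:
        if rs["Type"] == "MX":
            n = spf.get(rs["Name"].lower(), 0)
            if n != 1:
                findings[rs["Name"]] = "missing SPF" if n == 0 else "multiple SPF"
    return findings

if __name__ == "__main__":
    print(audit_spf(SAMPLE["ResourceRecordSets"]))
```

An empty result means every MX name in the zone has exactly one SPF TXT record at the same name.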
Remediation / Resolution
To implement Sender Policy Framework (SPF) for all the corresponding MX records within your hosted zones using Amazon Route 53 TXT DNS records, perform the following operations: