1# SPF23check.spf the check module that verifies whether IP address of the client is4authorized to send messages for domain in MAIL FROM address.56SPF statuses are mapped to maddy check actions in a way7specified by \*_action directives. By default, SPF failure8results in the message being quarantined and errors (both permanent and9temporary) cause message to be rejected.10Authentication-Results field is generated irregardless of status.1112## DMARC override1314It is recommended by the DMARC standard to don't fail delivery based solely on15SPF policy and always check DMARC policy and take action based on it.1617If `enforce_early` is `no`, check.spf module will not take any action on SPF18policy failure if sender domain does have a DMARC record with 'quarantine' or19'reject' policy. Instead it will rely on DMARC support to take necesary20actions using SPF results as an input.2122Disabling `enforce_early` without enabling DMARC support will make SPF policies23no-op and is considered insecure.2425## Configuration directives2627```28check.spf {29 debug no30 enforce_early no31 fail_action quarantine32 softfail_action ignore33 permerr_action reject34 temperr_action reject35}36```3738### debug _boolean_39Default: global directive value4041Enable verbose logging for check.spf.4243---4445### enforce_early _boolean_46Default: `no`4748Make policy decision on MAIL FROM stage (before the message body is received).49This makes it impossible to apply DMARC override (see above).5051---5253### none_action `reject` | `quarantine` | `ignore`54Default: `ignore`5556Action to take when SPF policy evaluates to a 'none' result.5758See [https://tools.ietf.org/html/rfc7208#section-2.6](https://tools.ietf.org/html/rfc7208#section-2.6) for meaning of59SPF results.6061---6263### neutral_action `reject` | `quarantine` | `ignore`64Default: `ignore`6566Action to take when SPF policy evaluates to a 'neutral' result.6768See [https://tools.ietf.org/html/rfc7208#section-2.6](https://tools.ietf.org/html/rfc7208#section-2.6) for meaning of69SPF results.7071---7273### fail_action `reject` | `quarantine` | `ignore`74Default: `quarantine`7576Action to take when SPF policy evaluates to a 'fail' result.7778---7980### softfail_action `reject` | `quarantine` | `ignore`81Default: `ignore`8283Action to take when SPF policy evaluates to a 'softfail' result.8485---8687### permerr_action `reject` | `quarantine` | `ignore`88Default: `reject`8990Action to take when SPF policy evaluates to a 'permerror' result.9192---9394### temperr_action `reject` | `quarantine` | `ignore`95Default: `reject`9697Action to take when SPF policy evaluates to a 'temperror' result.