What are SPF and Sender ID and how do they affect our Oracle Service Cloud site?
Sender Policy Framework (SPF)
Sender Policy Framework (SPFv1) and Sender ID (also known as SPFv2) are two email authentication technologies that use Domain Name System (DNS) to specify which servers are allowed to send email on behalf of a particular domain name. The two technologies share common heritage and are almost identical in how they work. The main difference is how the receiver determines who (what domain) is the sender. SPFv1 uses the domain in the envelope sender address (the MAIL FROM: portion of an SMTP transaction), while Sender ID uses the Purported Responsible Address (PRA).
For your Oracle Service Cloud mailboxes, you will need to publish an SPF record if the domain specified in the Envelope From/Bounce Address field in the console is branded to your organization's domain. If you only edit the Friendly From/Branded Address field of the hosted mailbox, then this answer does not apply. However, if you do change the Friendly From/Branded Address field, you will need to set up DKIM. Please see DomainKeys and DKIM email authentication configuration.
Note: If you set the configuration IFWD_UI_FROM_ADDR to 3 allowing forwards to be sent using your agent's personal email addresses, you will need to verify that the domain used by your agents email addresses also publishes the SPF record like the above scenarios.
For more information and complete procedures, see Email Management in the online documentation for your release.
How do I implement this SPF change?
The following example shows what you should publish in your SPF record. This example applies to Service email as well as Outreach and Feedback email.
Example: As the director of customer service for Widgets R Us, you want to send email from your hosted Oracle Service Cloud site to your customers, and you want to brand your email so that your customers see "email@example.com" in the email's From address.
Action: Define SPF records in the widgetsrus.com DNS as follows:
widgetsrus.com IN TXT "v=spf1 include:rnmk.com ~all"
Note: You must add your own domain in your SPF record (e.g. widgetsrus.com as seen above)
In this example, hosts identified in the rnmk.com SPF record are allowed to send on behalf of widgetsrus.com. The final entry, "~all" defines the policy that will be used. In this case, all email originating from hosts listed in the rnmk.com SPF record that use the domain in the example will be accepted as legitimate sources of email for widgetsrus.com. If the receiver identifies email coming from a host that is not listed in the SPF record, the receiver should soft fail those emails.
For more information on SPF, see http://www.openspf.org/ and http://www.rfc-editor.org/rfc/rfc4408.txt
For more information on Sender ID, see https://docs.microsoft.com/en-us/exchange/antispam-and-antimalware/antispam-protection/sender-id?view=exchserver-2019