Checks whether each DNS MX record has an associated TXT record with a valid Sender Policy Framework (SPF) value. An MX record is compliant if at least one associated TXT record contains a valid SPF value.
Scenarios
Verifies that DNS MX records have valid SPF protection for email service security and reliability.
Risk level
Default risk level: Low.
You can adjust this level as needed.
Detection logic
-
For each MX record, checks associated TXT records for a valid SPF value. An MX record is compliant if at least one associated TXT record has a valid SPF value.
Rule details
|
Parameter |
Description |
|
Rule name |
Compliance check for DNS MX records |
|
Rule identifier |
|
|
Tags |
Alidns, Domain |
|
Auto-remediation |
Not supported |
|
Trigger type |
Configuration change |
|
Supported resource types |
ACS::Alidns::Domain |
|
Input parameters |
None |
Remediation
To fix a non-compliant resource, follow the steps in CNAME records.