This rule checks the compliance of DNS MX records. For each MX record, the rule checks whether an associated TXT record contains a valid Sender Policy Framework (SPF) value. An MX record is considered compliant if at least one associated TXT record has a valid SPF value.
Scenarios
This rule checks whether DNS MX records have valid SPF protection to ensure the security and reliability of your email service.
Risk level
Default risk level: Low.
You can change the risk level as needed.
Detection logic
For each MX record, the rule checks its associated TXT records for a valid SPF value. An MX record is considered compliant if at least one of its associated TXT records has a valid SPF value.
Rule details
Parameter | Description |
Rule name | Compliance check for DNS MX records |
Rule identifier | |
Tags | Alidns, Domain |
Auto-remediation | Not supported |
Trigger type | Configuration change |
Supported resource types | ACS::Alidns::Domain |
Input parameters | None |
Remediation
For instructions on how to fix a non-compliant resource, see CNAME records.