SPF Records

You are viewing our old help center. Information in this section may be outdated.
Click here to go to our new help center.
This article only applies if you are using our downloaded software that installs on your own server. With our hosted service we manage everything for you and you do not need to worry about the technical details.

SPF Record For Email Deliverability

If you’ve taken a look at your spam box recently you’ll notice that a great many of those spam messages are attempting to use forged email addresses to trick you into opening them. Forged Email addresses claiming everyone from Facebook, UPS, DHL, and the CIA have attempted to trick me into opening their emails. A new standard known as Sender Policy Framework (SPF) became necessary to prevent such email forgeries. This standard has been implemented by many ISPS and mail hosts, including major providers such as Gmail, AOL, MSN/Hotmail, and Bell South. As a result domains require an SPF record for their mail systems if they want their emails to be accepted by those providers.

Simply put, Sender Policy Framework is a method for preventing sender address forgery. What do we mean by sender address? Think of a traditional paper letter that you send out to someone. Your letter may have a one address in the letterhead, the address of your specific department, and an altogether different address on the envelope, the address of the institution that your department belongs to. The address that’s on the envelope is known as the envelope sender address when you send an email. It’s the return-path that is used when you transport a message from mail server to mail server. This address is not usually shown to users by mail programs. The header sender address of an email message is what you seen in the “From” or “Sender” Address in your email client. Mail servers do not typically care what the header sender address is when delivering a message.

An SPF record protects the envelope sender address which is used for the actual delivery of the email message. This allows the owner of a domain to take ownership of their mail policy, e.g., which mail servers they will use to send emails from their domain. First, the domain owner publishes information in an SPF record in their domain’s DNS Zone. When another mail server receives a message that claims to come from that domain the receiving server is able to check whether the message complies with the domain’s stated policy. Thus it will know whether the message is a forgery.

Once the authenticity of the sender address is established a reputation can be attached to it. Establishing a reputation based on the domain will become more prevalent in the future even when it comes to individual email addresses. For this reason it’s important to set up an SPF record on your From sender’s domain if you have not already done so.

How to setup the SPF record

The biggest obstacle you will face is in how to write and create a proper SPF record which is correct for your domain, as any SMTP server used to send email for that domain must be defined. The DNS syntax for an SPF record may look like this:

Example. IN TXT “v=spf1 a mx –all”

Some set up wizards for setting up valid SPF DNS entries can be found here:

We strongly suggest to use the above wizards and follow their instructions for completing your SPF setup.

You’ll begin by entering in the domain you wish to set up the SPF record for in order to find out if any existing SPF records can be found. If an existing record is found then the wizard will allow you to modify it. If no record is found then you can proceed with the wizard to set one up.

A mail exchanger record (MX record) is a type of resource record in the Domain Name System (DNS) that specifies a mail server responsible for accepting email messages on behalf of recipient’s domain and a preference value used to prioritize mail delivery if multiple mail servers are available. The set of MX records of a domain specify how email should be routed with Simple Mail Transfer Protocol (SMTP).

The wizard should give you the option to select whether your domain’s inbound servers may send mail. The wizard will detect any IP addresses listed in A records for your domain in DNS . The ip address listed is for sending out mail from your outbound mail server. You can also use the SPF wizard to enter in any additional IP addresses that you want to add to your SPF record. If you have questions specific to what options you need to select it is suggested that you contact your server admin or hosting provider.

When your SPF record is generated you’ll notice that all SPF records start out with something like v=spf1. V defines the version of SPF used and ifs mandatory to identify it’s an SPF record.

Now, copy and paste the text to the DNS entry as a TXT record. Your record may be in quotes depending. You may or may not have to exclude quotation marks depending on your DNS system.

How to verify that your SPF record is setup properly

Each domain name registrar will have a slightly different procedure for adding the SPF record to your domain name's TXT entry. This option is generally under the “manage domains” options. If you do not see this option, your registrar's support center will be able to assist you, or can insert the SPF record for you. Once you add the SPF record it may take between 30 minutes and 48 hours for the changes to your DNS record to take effect.

Once you have set up an SPF record you can use the following form to validate whether or not your SPF record is set up properly:

You can use the following tool to simply look up an existing record: