What is an SPF record, and how to create one?
If a third party is abusing you by sending emails from your domain, or you want to reduce the chance of your emails being found in the SPAM folder, then you might find this material useful to you. SPF technology help protects your domain from sending spam and reduces the chance of emails you send falling into SPAM filters.
What is an SPF record?
SPF (Sender Policy Framework) is a technology that validates the sender of an email. Specifically, email servers check whether the domain, from which the e-mail was sent, has an SPF record created and whether it contains the IP address from which the e-mail was sent. In practice, it is checked whether the email has been verified by the domain owner. Based on this, the email server may consider this to be SPAM and the email will never be seen by the recipient.
The SPF record is actually a simple TXT record in the domain's DNS zone containing a list of allowed IPs that are verified to send emails from the domain to which the zone applies.
What is the syntax of this record?
As we mentioned earlier, an SPF record is a TXT record in the DNS zone of the domain. It requires a specific syntax to work correctly.
Here is an example of such an SPF record:
v=spf1 +a +mx +ip4:91.92.66.66 -all
In the case of the abovestated record, we have told to the email recipients that the server, which is verified to send emails from our domain name, has an IP address of 91.92.66.66. Now, if a server with a slightly different IP address (e.g. 91.92.66.67) tries to send an email from the same domain, the chance that it would be treated as SPAM is very high.
Probably you're wondering what all those things in the record mean? Let us tell you a bit more.
v=spf1 | It indicates that this TXT record is actually an SPF record and it shows the SPF version that is being used. There was another version of SPF, but it was discontinued. |
+а | Validate the email, if the IP address (from which the domain is sent) has an A record to the domain sender. |
+mx | Validate the email, if the IP address (from which the domain is sent) has an MX record to the domain sender. |
+ip4:IP | Validate the email, if the IP address (from which the domain is sent) matches the IP address provided in the record. |
-all | Cancel the email in case of unsuccessful validation. |
The last parameter has two more versions:
~all | Accept the email, but mark it as unreliable, in case of unsuccessful validation. |
+all | Accept the email, in case of unsuccessful validation. Strictly not recommended! |
How to create an SPF record for my domain in shared hosting?
All shared hosting accounts at VPSBG have SPF and DKIM records created beforehand to make it easier for our customers.
If you would like to change the record, or for some reason, the record hasn't been created, follow these steps to add the record:
- Log in to the cPanel;
- Go to Domains >> Zone Editor;
- Click Manage next to the domain for which you would like to create the record;
- You will see all records for this domain. Find an SPF record, if you want to change it.
- If you have to create a new SPF record, click Add Record and choose an option to add a TXT record. Fill out the fields and click Add Record.
How to add/create an SPF record for my domain in VPS?
We have already shown you how this record would look earlier in this tutorial. Now, if you are using a VPS, substitute the IP address in that record with your own and create a TXT record for your domain in the DNS zone.
How to check whether I have created my SPF record correctly?
The easiest tool you can use is MXToolBox. It will check if the record exists and whether it is correct. Also, it will give you information on what precisely this record contains (the list of IP addresses and actions).
Notice: keep in mind that an SPF record is a DNS record, and just like every DNS record it is cached. Please, allow up to 48 hours for it to be created.
Additional information
It is important to note, that every time something changes in your infrastructure, you need to check whether your SPF record is still accurate. If you decide to use the services of an email hosting provider (like Mailchimp) and the emails are sent from your domain, you still need to add their servers into your SPF record.
As we have mentioned at the beginning of this tutorial, there are several syntactic structures of an SPF record. The truth is that there are many more that can be used for different purposes (e.g. exists, redirect, include, etc.).