SPF Records are an anti-spam tool that mail servers can use to accept email from appropriate servers and reject email from all other servers.
This can help you in two ways. One, some servers will look more favorably on your legitimate email if comes from an "approved" server. Two, you will be able to stop spammers from "spoofing" your email address. Spoofing occurs when an email is disguised as coming from your email address, when it actually originates from a spam server. Not all mail servers check for SPF, but a fair number of them do, so the amount of spoofing you see should significantly decrease.
Instructions
An SPF record is a type of DNS record called a TXT record.
- Construct the right SPF record for your specific server and email setup. You can use the guide below to help you.
- Add the record as a TXT record to your DNS zone file.
- Wait 48 hours for your DNS change to propagate.
- Observe your email behavior, and adjust the SPF record if there are any problems.
How to Construct Your SPF Record
The correct settings for your SPF record depend on your server type and your mail server use patterns. All SPF records have the same beginning and the same end. Your specific server information goes in the middle.
Beginning Text
An SPF record always starts with the following text, which signals that you are creating an SPF record.
- v=spf1
Ending Text
An SPF record, for our purposes, should always end with the text below. This instructs the recipient mail server to mark a "fail" for messages coming from extraneous servers. (Note: don't use this record by itself, because it will cause all messages to fail, no matter where they come from. Make sure you have something in the middle, too.)
- ~all
Middle (Server Entries)
Everyone should include the information from Parts 1-3 (or just the first two, if you have a VPS).
The fourth part contains extra information for users with custom mail configurations.
Part 1: A and MX
Everyone should include the following entries:
- a
- mx
This allows you to send email from your "normal servers" - the one that your website is on and the one that processes your email.
For the technically-minded, the recipient mail server will first check the IP address(es) associated with your main A record and with your MX record, then check to see that the message was sent from the server with the same IP address.
Part 2: IP Addresses
Next, you should add all of your IP addresses. Shared servers, Domain packages, and Sphera VDS servers come with one IP address by default. VPS servers come with two IPs by default. If you have purchased any extra IPs, include them as well. You can also include a whole block of related IPs by adding /24 to the end of your IP address.
- ip4:12.34.56.78
- ip4:12.34.56.78/24 (this one includes an IP block)
You should replace 12.34.56.78 in the example with your own IP address.
To learn how to find your IP address, please read this article:
Part 3: Shared Server, Domain Package, and Sphera VDS
Applies to: Shared servers, Domain Package, and Sphera VDS
You should add the A record and MX record for the host domain of your shared server. First type a: or mx:, and then the server name.
- a:xx00.myhostcenter.com
- mx:xx00.myhostcenter.com
You can find your shared server name in the Customer Manager. First, click on My Products. Then, click on View Detailsnext to your server. Your server name will be listed next to Server in the information box on the left, right under your IP address. It should look like xx00.myhostcenter.com. The beginning characters can be different.
(Note: Some of these server types send mail via their own IP. If you know this to be true in your case, you do not need to add your shared server name, although it won't hurt anything if you do.)
Part 4: Custom Servers
Finally, you should list any other servers or IPs that might send email from your domain. Here are some possible other servers that you might want to list, depending on your custom mail setup:
- office mail server, like Microsoft Exchange
- Internet Service Provider mail server
- domains that are aliases to this domain
You should check the specific documentation for your other servers for their correct SPF settings. You can also build appropriate records using a:, mx:, and ip4:.
Putting it Together
Now you should have all the pieces you need to make your SPF record. Here are a couple of examples of how your completed record might look:
- v=spf1 a mx ip4:12.34.56.78 ~all
- v=spf1 a mx ip4:12.34.56.78/24 ip4:12.34.56.79 a:other.mailserver.net ~all
- v=spf1 a mx ip4:12.34.56.78 mx:alias-example.com ~all
- v=spf1 a mx ip4:12.34.56.78 a:xx00.myhostcenter.com mx:xx00myhostcenter.com ~all
Note that they all begin with v=spf1 a mx and an ip4: entry for the IP address. Next, they include other IPs and servers. Finally, they end with ~all.
After You Add the SPF Record
The right SPF record will cut down on spam and help your legitimate messages go through. However, the wrong SPF record will make your emails more likely to be flagged as spam. You should keep an eye on your email behavior for a week or two after adding your SPF record. If you start receiving bouncebacks, or your email delivery is delayed, you should re-examine your SPF record for errors and update its settings to be more inclusive.
How do you make an SPF record more inclusive? You can list more servers, or add /24 to the end of any record to broaden the range of acceptable IPs. This works on the end of A and MX inclusions too. Example: a:example.com/24.
Note that all DNS changes will take up to 48 hours to propagate and take effect.