What is an SPF record?
SPF, or Sender Policy Framework, is a type of record added through your DNS manager. It helps prevent email addresses on your domain from being forged by spammers. Spammers can falsify email headers and send emails that appear to come from an email address on your domain. As a result, the reputation of your domain (among email clients) is reduced, and you may receive replies to emails that you never sent.
If your server-sent emails are landing in the spam folder of Gmail, Yahoo Mail, etc., or you need to prevent your domain’s email addresses from being forged, then this tutorial is the place for you. It covers the essentials of SPF: adding / generating an SPF record, testing the SPF record, and other things you should consider for effective email delivery.
Why SPF?
Normally, popular email clients like Gmail and Yahoo Mail treat email from an address belonging to a domain that does not have an SPF record as spam. Those email clients can’t verify that the sender of the email is the actual sender; that is, they are unable to verify which mail server has the authority to send emails on behalf of that domain.
As mentioned earlier, SPF lets you specify the mail servers that are permitted to send emails on behalf of your domain. When an incoming mail server such as Gmail receives an email from your domain name, it compares the SPF record of the domain with the information of the outgoing (sender’s) mail server. If the outgoing mail server is not listed in the SPF record as a valid mail server and the information does not match, the email is treated as spam or simply rejected.
Note: Listing your mail server as valid in your domain’s SPF record is not enough on its own to ensure that email sent by your mail server on behalf of your domain will not be treated as spam by popular email clients like Gmail. After an email is sent by your mail server, a hacker could intercept it on the internet, alter its content and re-send it to the destination (as if sent by your mail server).
To distinguish those anomalies, popular mail clients use another kind of record called DKIM to authenticate the email / email content with a signature belonging to your own mail server. We’ll discuss DKIM in my next tutorial: “Install and Configure DKIM for your Domains”.
Hopefully you now have some idea of the importance of SPF. From here onward, I’ll show how to deal with SPF records for your domain for successful mail delivery.
In this tutorial I am using Vultr to manage my DNS; in your case you may use GoDaddy, DigitalOcean or your own DNS server to manage DNS for your domain. Although the DNS managers differ, the records that need to be added are the same.
IMPORTANT: This tutorial assumes that you have a properly configured mail server, so that emails sent from the mail server are received by the destination, at least in the spam folder.
Follow the steps below in order to configure an SPF record for your domain.
Checking whether the SPF record is already set up
It’s better to first check whether you already have an SPF record for your domain. Then you can keep it as it is or change it accordingly. To check this:
1. Go to this Super Analysis Tool.
2. Select SPF Record Lookup from the drop-down.
3. Enter your domain name in the provided text area and click on “SPF Record Lookup”.
If you obtain a green-colored output as above, it means that there is a valid SPF record for your domain. Let’s look at the meaning of that record to decide whether there is a need to change it or not.
- SPF records are added to DNS as TXT records; v=spf1 identifies the TXT record as an SPF record (version 1).
- include:zoho.com means that Zoho mail servers are authorized to send mail on behalf of this domain.
- ~all implies that this list is all inclusive, and no other servers are allowed to send e-mail.
In general terms, with the above SPF record, receiving mail servers identify that only Zoho mail servers are responsible for sending emails on behalf of this domain. Any other mail server that attempts to send emails on behalf of this domain will be penalized.
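A reduced version of the check a receiving mail server performs, as an added example that is not part of the original tutorial: it parses an SPF record and evaluates a sender IP against the ip4, ip6, include and all terms. The TXT table stands in for DNS; its records, the addresses and the host mail.example.net are constructed.

```python
import ipaddress

# Constructed stand-in for DNS so the example runs offline (not real records).
TXT = {
    "spfsetup.cf": "v=spf1 ip4:192.0.2.10 include:mail.example.net ~all",
    "mail.example.net": "v=spf1 ip4:198.51.100.0/24 -all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse(record):
    """Split an SPF record into (qualifier, mechanism, value) terms."""
    words = record.split()
    if not words or words[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    terms = []
    for word in words[1:]:
        qualifier = word[0] if word[0] in RESULTS else "+"  # no prefix means +
        name, _, value = word.lstrip("+-~?").partition(":")
        terms.append((qualifier, name.lower(), value))
    return terms

def check_host(sender_ip, domain, txt=TXT):
    """Return the SPF result for sender_ip: first matching term wins."""
    ip = ipaddress.ip_address(sender_ip)
    record = txt.get(domain)
    if record is None:
        return "none"  # no SPF record published for this domain
    for qualifier, name, value in parse(record):
        if name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(value, strict=False)
        elif name == "include":
            # include matches only if the included domain's record gives pass
            matched = check_host(sender_ip, value, txt) == "pass"
        elif name == "all":
            matched = True
        else:
            continue  # a, mx, exists, ptr need live DNS; skipped in this sketch
        if matched:
            return RESULTS[qualifier]
    return "neutral"  # nothing matched and there was no 'all' term
```

A sender that is not listed falls through to the final term, so with ~all the result is softfail, and it is the receiving server that decides how to treat that result.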
If you are satisfied with your SPF record, you can stop at this step and proceed with setting up a DKIM record in my next tutorial: “Install and Configure DKIM for your Domains”.
If you want to change the current SPF record, you can generate a new record using the steps below, then replace the existing SPF record with it using your DNS manager.
If you obtain an output as above, it means that there is no SPF record associated with your domain. In the next few minutes I’ll show you how to generate, set up and verify an SPF record for my newly created Freenom domain, “spfsetup.cf”.
Create an SPF record
There is a great tool provided by MXToolBox that allows you to generate SPF records as per your requirements.
You’ll get an interface as follows; enter your domain and click on “Check SPF Record”.
You’ll then proceed to the SPF Wizard, where you’ll be asked some questions. These questions help to generate the SPF record that satisfies your requirements.
Do you send email from your web-server?
You can answer either Yes or No. If you are using a 3rd party service like Zoho to send emails, say No to this question. If you are using your own web-server for sending email, say Yes to this question.
Do you send email from the same server in your MX records?
Check whether you have set up your MX record correctly. An ordinary MX record should look like the one below.
As in the figure, there should be an A record to specify the server which is responsible for sending emails.
If the server (IP) indicated in the A record is responsible for sending emails on behalf of your domain, say Yes to this question; if you are using a 3rd party service, say No to this question.
Enter any other server hostname or domain that delivers email for your domain?
If you are using a 3rd party service, or if there are any other servers responsible for sending emails on behalf of your domain, specify the hostnames / domains related to those services / mail servers.
Enter your domain’s IP Addresses / CIDR Ranges.
Provide the IP address(es) related to the domain for which you are going to set up the SPF record.
How strict should the SPF Policy be?
Use “Soft Fail” (Denotes that this list is all inclusive, and no other servers are allowed to send e-mail).
Finally, you can see the suggested record in a grey box.
Keep that browser tab open for later use and let’s move on to adding our new SPF record to the DNS manager.
Add new SPF record to DNS
1. Go to your DNS manager and select to manage the DNS of the intended domain.
2. Now copy the value of the suggested SPF record from the previous step:
Then create a new DNS record in your DNS manager:
- Type = TXT
- Name = your domain name or the @ symbol
- Value = Paste the copied data
- TTL = 3600
An example DNS record is given below for your convenience:
Now your SPF record is set up successfully.
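Before saving the value in your DNS manager, it can be checked for mistakes that make receivers ignore or misread the record, such as leaving the old SPF record in place next to the new one. The lint below is an added example, not from MXToolBox or the original tutorial; the function names are made up for illustration, and the limits are those of the SPF specification (RFC 7208).

```python
# Terms that cost the receiver a DNS query; RFC 7208 allows at most 10 in total.
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")

def term_name(term):
    """Reduce a term such as '~include:x', 'a/24' or 'redirect=x' to its name."""
    return term.lstrip("+-~?").replace("=", ":").split(":")[0].split("/")[0]

def lint_spf(txt_values):
    """Return a list of problems for all TXT values published at one name."""
    spf = [v for v in txt_values if v.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no v=spf1 record found"]
    problems = []
    if len(spf) > 1:
        problems.append("more than one v=spf1 record: receivers return permerror")
    record = spf[0]
    if len(record) > 255:
        problems.append("longer than 255 characters: must be split into strings")
    terms = record.lower().split()[1:]
    names = [term_name(t) for t in terms]
    lookups = sum(n in LOOKUP_TERMS for n in names)
    if lookups > 10:
        problems.append(f"{lookups} DNS-lookup terms, limit is 10")
    if "all" in names:
        pos = names.index("all")
        # Modifiers (name=value) may follow 'all'; mechanisms after it are dead.
        if any("=" not in t for t in terms[pos + 1:]):
            problems.append("mechanisms after 'all' are never evaluated")
        if terms[pos] in ("all", "+all"):
            problems.append("'+all' authorizes every server on the internet")
    elif "redirect" not in names:
        problems.append("no 'all' term: unlisted senders get a neutral result")
    return problems
```

Pass it every TXT value that exists for the name (the @ entry), not only the new one, so a leftover second SPF record is caught.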
Go to the SuperTool, insert your domain, select SPF Record Lookup from the drop-down and run the search query.
Now you’ll obtain a green-colored output indicating that you have successfully configured SPF for your domain.
If you still get the previous SPF-not-found output, double check whether you have followed all the steps in this tutorial as they are; if everything is okay with the steps, please wait for a couple of hours because there may be DNS propagation delays.
Hopefully you have set up your SPF record successfully. Now it’s time to work on configuring a DKIM record for your domain to prevent your server-sent emails from being treated as spam by popular mail clients and to give an extra layer of authenticity to the emails sent by your server.
Refer to my tutorial “Install and Configure DKIM for your Domains” for further details.
If you have any problems regarding this tutorial, just ask in the comment section. I am happy to help you 🙂