KB - How do I set up SPF for my domain?

How do I set up SPF for my domain?

Article was last updated on March 10, 2022. View products that this article applies to.

Introduction

SPF, or Sender Policy Framework, is a protocol used by domain owners to authorize the IP addresses that are allowed to send emails from their domain. It can help improve email deliverability by decreasing the chances of your email being flagged as spam, and help spam filters, such as ORF, to determine whether the sender of an incoming email is actually authorized to send emails on behalf of your domain.

Why should you use it

There are a few benefits of using SPF. First, it can help treduce the amount of spam that is sent in the name of your domain. Second, it can help detect forged emails. And third, it can help improve your email delivery rates.

How does it work

The way that SPF verification works is by checking the IP address of the sending server against the list of authorized sending servers in the publicly available SPF record of the alleged sending domain. If the IP address matches one of the authorized servers, then the email is considered to be legitimate. If the IP address does not match any of the authorized servers, then the email is likely to be spam.

Publishing an SPF policy

To set up SPF for your domain, you will need to create a TXT type DNS record in the zone file of the DNS server authoritative for your domain. The contents of the record should look something like this:

v=spf1 a mx ip4:1.1.1.1 -all

In the example above, the SPF record states that emails sent from the domain should only come from IP addresses listed in the "A" and "MX" DNS records, and from the IP address 1.1.1.1. You can specify additional IP addresses an even IP address ranges using CIDR notation like this:

v=spf1 a mx ip4:1.1.1.1 ip4:2.2.2.2 ip4:3.3.3.0/24 -all

If necessary, you can include an existing or third-party SPF policy into the new record using the "include" mechanism:

v=spf1 a mx ip4:1.1.1.1 ip4:2.2.2.2 ip4:3.3.3.0/24 include:other-domain.net -all

To complete the record, don't forget to close it with the "-all" mechanism:

v=spf1 a mx ip4:1.1.1.1 ip4:2.2.2.2 ip4:3.3.3.0/24 include:other-domain.net -all

If you need to create a more complex record, please refer to the official SPF syntax guide: http://www.open-spf.org/SPF_Record_Syntax/

Verifying the SPF policy

Use the SPF Policy Tester tool on our website to check if the published SPF record works: https://vamsoft.com/support/tools/spf-policy-tester

Best practices

You should update your SPF record anytime you make changes to the email infrastructure that sends mail from your domain. For example, if you add or remove an internet-facing outbound mail server from your email sending setup, you will need to update your SPF record to reflect those changes.

Troubleshooting

If you have any problems setting up your SPF record, please check the following:

  • Did you use the correct syntax?
  • Are all of the email servers that send mail from your domain listed in the SPF record?
  • Is the SPF record placed in the correct location on your DNS server?
  • Have you updated your SPF record when changes were made to your email sending infrastructure?

If you're still having trouble, contact our support team for assistance.

Conclusion

Domain owners should not wait to publish their SPF policy. Spammers may take advantage of unprotected domains and use them to send illegitimate messages. By taking a few minutes to set up SPF, you can help improve your domain's reputation and reduce the chances of successful phishing and scam attempts targeting your organization.

Applies To

The article above is not specific to any ORF versions.

hnp1 | hnp2