SPF stands for Sender Policy Framework. An SPF record lists all servers permitted to send messages from your domain. Essentially, this reduces the chance of spam that falsely appears to originate from your domain, which is typically known as source address spoofing. This can cause panic when it happens; however, it is important to understand its role.
Source address spoofing is where another server sends spam with a forged source address, giving the impression that the messages originate from your domain.
Backscatter is where you get an influx of bounced email that appears to have originated from one of your domains. At times this may be caused by something going wrong with your server, but the higher likelihood is that it is backscatter.
Cases of SPF Record
Case 1: One-Server Environment
Where your server runs both your website and email, an example of your SPF record is:
domain.com. IN TXT "v=spf1 a mx ~all"
Here is the breakdown of the SPF record:
domain.com: This is the domain to which the SPF record applies.
IN TXT: This is the DNS zone record type. SPF records are usually written as TXT records.
v=spf1: Identifies the TXT record as an SPF record.
a: Lists the domain’s primary A record as approved to send e-mail.
mx: Lists the domain’s MX record(s) as approved to send e-mail.
~all: Indicates that the list is comprehensive and all-inclusive, meaning that other servers are not permitted to send e-mail according to the SPF record.
Case 2: Adding servers
If you use a third-party service or a separate server to handle your domain’s email, you are likely using a modified MX record that points your email toward the other server(s). Since your email is handled by the other server, it is important to list it in your domain’s SPF record, as it may also be used to send email.
SPF records list the servers permitted to send email from your domain. Where other email sources are not listed, your emails may not be delivered, since they come from an unregistered source that is not included in the list.
A typical example is where an email user is compelled to send all email through their ISP’s SMTP server because the ISP has blocked traffic to other SMTP servers. In such a scenario, you should list your ISP’s SMTP server as an include statement. Similarly, a domain that uses Google Apps to handle all email activity should list google.com within the SPF record as an include statement to ensure that all outgoing email is successfully delivered.
domain.com. IN TXT "v=spf1 a mx include:google.com ~all"
The above include statement tells receiving servers to also treat the sending servers authorized by google.com's own SPF record as part of your SPF list.
There is a simple-to-use SPF wizard by openspf.org that asks several questions about your domain, helping you set up a comprehensive SPF record that includes additional sources of email.
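To see how a receiving server reads the Case 2 record term by term, here is an added example (not part of the original article) that evaluates a sending IP against it. DNS is replaced by a constructed in-memory zone, so every address and the google.com TXT value are assumptions, and only the mechanisms a, mx, ip4, include and all are handled.

```python
import ipaddress

# Constructed stand-in for DNS so the example runs offline. All addresses are
# RFC 5737 documentation ranges; the google.com TXT value is a placeholder,
# not Google's real record.
ZONE = {
    "domain.com": {"TXT": "v=spf1 a mx include:google.com ~all",
                   "A": ["192.0.2.10"], "MX": ["mail.domain.com"]},
    "mail.domain.com": {"A": ["192.0.2.20"]},
    "google.com": {"TXT": "v=spf1 ip4:198.51.100.0/24 ~all"},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def addresses(name):
    """A records for a host name in the constructed zone."""
    return ZONE.get(name, {}).get("A", [])


def check_spf(ip, domain, depth=0):
    """Return the SPF result for a sending IP, reading terms left to right."""
    record = ZONE.get(domain, {}).get("TXT", "")
    if depth > 10:
        return "permerror"  # simplified stand-in for the DNS lookup limit
    if not record.startswith("v=spf1"):
        return "none"
    for term in record.split()[1:]:
        result = QUALIFIERS.get(term[0], "pass")  # no qualifier means "+"
        if term[0] in QUALIFIERS:
            term = term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "a":
            matched = ip in addresses(arg or domain)
        elif name == "mx":
            hosts = ZONE.get(arg or domain, {}).get("MX", [])
            matched = any(ip in addresses(h) for h in hosts)
        elif name == "ip4":
            matched = ipaddress.ip_address(ip) in ipaddress.ip_network(arg)
        elif name == "include":
            # include matches only when the other domain's record passes
            matched = check_spf(ip, arg, depth + 1) == "pass"
        else:
            matched = False  # mechanisms outside this example never match
        if matched:
            return result
    return "neutral"  # no term matched
```

A sender that matches none of the listed sources falls through to ~all and gets the result softfail, which is the outcome a receiving server acts on for unlisted servers.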
How to Add Your SPF Record
With your SPF record prepared, here is how to add it to your domain’s existing DNS records.
Step 1: Run WHOIS on your domain name. Confirm the nameservers it is currently using.
Step 2: If your server is also the nameserver, add the SPF record to your domain’s DNS using the web server’s control panel tools. These are usually built in.
Note: When you have no control of your domain’s nameservers, or have no direct access to them, as with TD Web Services’ nameservers, contact the relevant parties to update the DNS. This also applies when your domain uses your domain registrar’s nameservers.