SPF Records

Many of you will have had issues sending email to Gmail accounts in recent months and, with many email platforms introducing new checks on inbound email to their customers, the subject of SPF Records has become a hugely topical one, and one that needs to be addressed if you want to maximise the chances of your emails arriving at their final destinations.

What is an SPF Record?

Sender Policy Framework (SPF) is a method of authenticating email that ensures the sending mail server/network being used to send email for a specific domain is authorised. By doing this, having an SPF Record in place helps prevent email spoofing, phishing and spam.

The SPF Record will contain a list of authorised sending hosts and IP addresses for the domain, and is published in the DNS records for that domain. As implied, this may be a single sending host/network, or multiples if you are sending email via multiple networks – for instance you may use a different sending host/network for emails sent from your website.

Why set up an SPF Record?

We’ve already mentioned the potential issues of email delivery to platforms such as Gmail, but there are other reasons why it’s a very good idea to have an SPF Record in place for your domain.

With an SPF record in place, spammers and fraudsters are less likely to forge emails pretending to be from your domain, because the forged emails are more likely to be caught in any spam filters that are checking the SPF records. Therefore, an SPF-protected domain is far less attractive to spammers and fraudsters. Because an SPF-protected domain is less attractive as a spoofed address, it is less likely to be listed by spam filters and so ultimately the legitimate email from the domain is more likely to get through.

Things to watch out for:

It is essential that the SPF Record is set correctly – and includes all networks you may be using for outbound email – see the ‘Implementation’ section below.

It’s important to note that message forwarding by the intended recipient’s mailbox can bounce when it hits the network it ‘s been forwarded to, as the SPF Record won’t match that of the forwarding network.

Implementation

You will need two things:

  • Access to the DNS Control Panel for your domain – your Domain Host will provide this
    The correct SPF Record
  • If you’re sending email purely via our network then you should set the SPF Record for your domain as follows: v=spf1 include:_spf.verygoodemail.com ~all

If you’re also sending some of your email via another network then you’ll need to check what the SPF entry will be for that network from the relevant provider, and add it to the one above.

For example, an IP Range of 192.168.1.2/26 for a second network would be added as follows:

v=spf1 include:_spf.verygoodemail.com ip4:192.168.1.2/26 -all

And any additional networks added in the same way.

If you are confident in what you are doing then other Qualifiers/Modifiers may be used in your SPF Record, but we recommend the above format as a standard entry.

Note that, when adding an SPF Record to the DNS Table for your domain please add as a TXT entry, and not SPF if that is an option. Quite a few DNS hosts/registrars provide an “IN SPF” option, which, surprisingly, doesn’t work! It should be “IN TXT”.

If unsure we are here to help: contact us at support@verygoodemail.com, or call us on 01442 927470 during working hours.