The SPF(Sender Policy Framework) record identifies which mail servers are permitted to send e-mail on behalf of your domain. It has a key role in preventing spammers from spoofing your domain. To enable SPF, you need to add an SPF record for your domain name. It is a DNS record from the TXT DNS type and it holds the necessary information that allows verifying which e-mail servers are truly authorized to send messages from the name of your domain name.
Once the SPF record provides that information, the e-mail server can be verified, validated, or not.
Using the SPF record, specifically its qualifiers and mechanisms, you can specify rules, as strict as you decide, to verify.
The SPF record has the following look in your ClouDNS Control Panel:
|hostname.com||SPF||v=spf1 include:_spf.google.com ~all*||1 Hour|
* The example is used for customers, who use Gmail as a mail service.
Note that this record is deprecated and it is recommended to create only TXT Record or to be duplicated with TXT Record.
With SPF record you protect your domain reputation in front of all other email services and other receiving email servers so to say. In simple words, you prove which senders are truly authorized to send email from your domain.
Go to your Control Panel and click on Add new record. Enter the details as follows:
TTL: 1 Hour
Points to: v=spf1 include:_spf.google.com ~all
You can use these mechanisms to define which IP addresses are allowed to send mail from the domain:
A mail server will compare the IP address of the sender with the IP addresses defined in the mechanisms and if the IP address matches one of the mechanisms in the SPF record then follow the result handling rule. The default handling rule that is used is + or pass.
Using the include mechanism will allow you to authorize hosts outside of your administration by specifying their SPF records.
If you use all as a mechanism this will match any address. Usually, this mechanism is used at the last position and defines how to handle any sender IP that did not match the previous mechanisms.
All of the mechanisms that may specify qualifiers for how to handle a match:
You can manually check the Sender Policy Framework (SPF) record for a domain by using one of the following commands:
$ dig TXT a space, and then the domain/host name - example "dig TXT cloudns.net"
You can check the record using nslookup as well. A sample is shown below:
$ nslookup -type=txt a space, and then the domain/host name - example "nslookup -type=txt cloudns.net"
You can also check if you have configured your SPF record correctly by using an online SPF record validator.
You may have at maximum one SPF record, defined as a TXT record or as an SPF record type for each fully-qualified name.
You can have various limitations on the number of items and lookups permitted in an SPF record:
ClouDNS provides full support for SPF records for all our DNS services, including the listed below. Just write to our technical support, if you need any assistance with your SPF records configuration. Our Technical Support team is online for you 24/7 via live chat and tickets.
Question: Based on the latest criteria, the SPF record is deprecated. How could I publish my SPF then?
Answer: Good question. Yes, that's right, the SPF record is deprecated. For that reason, you need to publish your SPF by adding a TXT record with the same SPF values.
Question: I have a couple of SPF records in my zone, but all SPF checks fail. What is wrong?
Answer: SPF standards don't allow having multiple SPF records in your DNS zone. Only a single SPF record must reside in your DNS zone.