SPF (Sender Policy Framework) records are a type of DNS (Domain Name System) record that helps prevent email spoofing by specifying which mail servers are allowed to send emails on behalf of your domain. They are part of the email authentication process that helps to ensure that incoming mail from your domain is actually sent from authorized servers, thereby reducing the chances of phishing and spam.
How SPF Records Work
- Domain Name System (DNS) Lookup: When an email server receives a message, it checks the SPF record of the sending domain. This involves a DNS lookup to retrieve the SPF record associated with the domain.
- Validation of Sending Server: The email server compares the IP address of the sending server with the list of authorized IP addresses in the SPF record. If the IP address matches one of the authorized addresses, the email passes the SPF check.
- Action Based on Result: Depending on the result of the SPF check, the receiving server can take various actions:
  - Accept the email.
  - Mark the email as suspicious or spam.
  - Reject the email outright.
Components of an SPF Record
An SPF record is a TXT record in DNS with a specific syntax. Here’s a breakdown of the typical components:
- v=spf1: Indicates that this is an SPF record.
- ip4/ip6: Specifies the IPv4 or IPv6 addresses authorized to send mail for the domain.
- a: Indicates that the domain’s A (address) records are authorized to send mail.
- mx: Authorizes the domain’s MX (mail exchange) servers to send mail.
- include: Includes SPF records from other domains (e.g., include:_spf.google.com).
- all: Specifies how strict the SPF policy is, usually written with a qualifier as -all, ~all, or ?all.
When a mail server gets your message, it looks at your DNS records to find the SPF record. If the SPF record is there, the server checks whether the email came from a server listed in the SPF record. You put the SPF information in a TXT record to show which servers are allowed to send emails from your domain. For example, if you send an email from yourself@yourdomain.com, the receiving server looks up the SPF record for yourdomain.com and checks that the sending server is listed there.
You can add more domains to your SPF record if you want, but remember that the SPF check can only handle 10 DNS lookups. The SPF mechanisms that need DNS lookups include “include”, “a”, “mx”, “ptr”, and “exists”, and the “redirect” modifier also counts towards this limit.
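The lookup limit is easy to exceed once includes nest inside other includes. The following added example (not from the original page) counts the lookup-costing terms of a record, following include and redirect targets, and reports the qualifier on all. The zone data, domain names and function names are constructed for illustration, and the count is a worst case that assumes every term is evaluated.

```python
import re

LOOKUP_LIMIT = 10
# Terms the page lists as costing a DNS lookup.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

# Constructed sample data standing in for DNS TXT answers (all names hypothetical).
SAMPLE_ZONE = {
    "yourdomain.com": "v=spf1 ip4:192.0.2.10 a mx include:_spf.mailer.example "
                      "include:_spf.crm.example ~all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.0/24 include:_spf.relay.example -all",
    "_spf.relay.example": "v=spf1 ip6:2001:db8::/32 exists:%{i}.ok.relay.example -all",
    "_spf.crm.example": "v=spf1 a:out.crm.example mx ptr -all",
    "big.example": "v=spf1 " + " ".join(f"a:h{i}.big.example" for i in range(11)) + " -all",
}

def parse_term(term):
    """Split one SPF term into (qualifier, name, value); '+' is the default qualifier."""
    qualifier = term[0] if term[0] in "+-~?" else "+"
    match = re.match(r"([A-Za-z0-9]+)(?:[:=](.*))?", term.lstrip("+-~?"))
    if not match:
        return qualifier, "", ""
    return qualifier, match.group(1).lower(), match.group(2) or ""

def count_lookups(domain, zone, path=()):
    """Worst-case count of lookup-costing terms, following include/redirect targets."""
    if domain in path:          # include loop: stop descending
        return 0
    terms = zone.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return 0
    total = 0
    for term in terms[1:]:
        _, name, value = parse_term(term)
        if name in LOOKUP_TERMS:
            total += 1          # the term itself costs one lookup
            if name in ("include", "redirect") and value:
                total += count_lookups(value, zone, path + (domain,))
    return total

def audit(domain, zone=SAMPLE_ZONE):
    """Return lookup count, whether it fits the limit, and the qualifier on 'all'."""
    all_q = [q for q, n, _ in map(parse_term, zone[domain].split()[1:]) if n == "all"]
    lookups = count_lookups(domain, zone)
    return {"lookups": lookups, "within_limit": lookups <= LOOKUP_LIMIT,
            "all": all_q[-1] + "all" if all_q else None}

if __name__ == "__main__":
    for name in ("yourdomain.com", "big.example"):
        print(name, audit(name))
```

In the sample zone, yourdomain.com has only four lookup terms of its own but reaches nine once the nested includes are counted, which is why the audit has to follow them.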