SPF
What is SPF?
Sender Policy Framework (SPF) is one method to help detect forged/faked emails, and so to reduce email spam and “phishing”. It works by creating a special DNS record for your domain that lists all the mail servers authorised to send email on your domain’s behalf. Upon receiving an email from your domain, a recipient server that supports SPF will look up this list of authorised servers and determine whether the email originated from one of them. Emails originating from unauthorised servers will then be rejected or at least marked as spam, depending on your settings.
Structure
The SPF record must be created with a very specific format and is created as a “TXT” record. Tibus recommend using a tool to aid in generating these correctly, such as SPF Wizard.
Components
- “mx” – The mx (mail exchanger) records for the domain (in this case example.com)
- “a” – The IP address resolved by the DNS “A” record of example.com
- “ip4:” – A specific IPv4 address
- “include:” – Useful for including another domain’s SPF record; in this example, it is the SPF record for Google Gmail.
Example
Name | Type | Value |
---|---|---|
example.com | TXT | "v=spf1 mx a ip4:212.108.93.10 include:_spf.google.com -all" |
What to include?
When adding SPF to your domain, it is important that you correctly identify all possible sources of email that may be sent from your domain, so that they can all be included. Failure to include an authorised mail server could result in some or all of your email not being delivered. Below are some possible sources that your email may originate from; this list is by no means exhaustive and may differ in every case.
- Email server (Tibus, Microsoft O365, Gmail)
- Email smart hosts/relay servers
- Web server that hosts your website
- Bulk email service (Mailchimp, Mailgun, SendGrid)
- Other cloud-based services (CRM, Room booking)
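
The record from the Example table and the source list above can be checked offline before the record is published. The Python sketch below is an added example, not a Tibus tool: it parses the record's terms, flags structural problems, and compares a sender inventory against the `ip4:` terms. The function names and the second IP in the inventory are constructed for illustration.

```python
import ipaddress
import re

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Terms that trigger DNS queries at evaluation time; RFC 7208 allows at most 10.
DNS_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
# The record from the Example table above.
RECORD = "v=spf1 mx a ip4:212.108.93.10 include:_spf.google.com -all"

def parse_spf(record):
    """Split an SPF TXT value into (result, name, argument) tuples."""
    tokens = record.strip().strip('"').split()
    if not tokens or tokens[0].lower() != "v=spf1":
        raise ValueError("record must start with v=spf1")
    terms = []
    for tok in tokens[1:]:
        # A term without a qualifier prefix behaves as "+" (pass).
        qual, rest = (tok[0], tok[1:]) if tok[0] in QUALIFIERS else ("+", tok)
        m = re.fullmatch(r"([A-Za-z0-9]+)[:=/]?(.*)", rest)
        if not m:
            raise ValueError(f"cannot parse term: {tok}")
        terms.append((QUALIFIERS[qual], m.group(1).lower(), m.group(2)))
    return terms

def lint_spf(record, senders=()):
    """Return findings for one record; `senders` is an inventory of sending IPs."""
    terms = parse_spf(record)
    names = [name for _, name, _ in terms]
    findings = []
    lookups = sum(name in DNS_TERMS for name in names)
    if lookups > 10:
        findings.append(f"{lookups} DNS-querying terms exceed the limit of 10")
    if "all" in names and terms[names.index("all")][0] == "pass":
        findings.append("'all' with a pass result authorises every server")
    if "all" not in names and "redirect" not in names:
        findings.append("no 'all' term: unlisted servers get a neutral result")
    nets = []
    for _, name, arg in terms:
        if name == "ip4":
            try:
                nets.append(ipaddress.IPv4Network(arg, strict=False))
            except ValueError:
                findings.append(f"invalid ip4 value: {arg}")
    for ip in senders:
        if not any(ipaddress.ip_address(ip) in net for net in nets):
            findings.append(f"{ip} matches no ip4 term; check mx/a/include in DNS")
    return findings

if __name__ == "__main__":
    # Constructed inventory: the page's ip4 address plus a documentation-range IP.
    for finding in lint_spf(RECORD, ["212.108.93.10", "198.51.100.25"]):
        print(finding)
```

An inventory address that matches no `ip4:` term may still be authorised through `mx`, `a` or `include:`, which can only be confirmed with live DNS lookups.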