SPF Records Explained

What is SPF?

Sender Policy Framework (SPF) allows domain owners to specify legitimate email origins in an attempt to combat spam and phishing emails. An SPF record should list each mail server or IP address that you permit to send emails on behalf of your domain, and state how to handle emails from sources that are not permitted.

What does SPF actually do?

An SPF record answers the following 2 questions:

  1. Who can send an email from my domain?
    • You need to list every source from which an email can originate. This could be your website, your mail server, email marketing, ISP etc. If it's not on the list, assume it will be blocked.
  2. What happens to emails which aren’t listed above?
    • 1 of 3 things can happen:
      1. Allow emails from all servers.
      2. Flag an email if it's not in the approved list.
      3. Block an email if it's not in the approved list.

SPF Authentication Process

Creating an SPF Record

An SPF record is split into multiple parts:

v=spf1: Sets the SPF version that is being used.

include: Lists all authorized mail servers, by referencing the domain that publishes their SPF record.

-all: Indicates that any server not listed in the include: section is not permitted to send emails for this domain, and that action will be taken to delete the message or mark it as spam.

Here is an example of an SPF record: v=spf1 include:spf.aoitcloud.com mx a -all

In the example above we have added a and mx into the record which will authorise the servers matching our MX and A records by default. This should be your default mail server and website.

You can add more than 1 domain or IP address to the SPF record to allow them to send emails for your domain. Domains are added with include: and IP addresses with ip4: (or ip6:), so our record would look like:

v=spf1 include:spf.aoitcloud.com ip4:111.111.111.111 mx a -all

Understanding the All setting

The all setting is an important marker for the SPF record and instructs the receiving mail server how to handle the message. This can be expressed in 3 different ways:

-all: Any server not listed is not authorised to send emails.

~all: If an email is received from a server which isn’t listed, mark it as a soft fail. This will then be processed by the recipient's mail server according to its own policy.

+all: This allows any server to send emails from your domain.

NOTE: The last option should never be used in any instance.
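As an added example (not AOIT's own code), the small Python linter below splits a record into the parts described above and reports the result that the all term gives to unlisted senders. The names lint_spf and is_ip, the finding texts and the sample records are constructed for illustration; 192.0.2.10 is a documentation address.

```python
import ipaddress

# Mechanisms that cost a DNS lookup; RFC 7208 allows at most 10 per evaluation.
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def lint_spf(record):
    """Return (result for unlisted senders, list of findings) for one SPF TXT value."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None, ["record must start with v=spf1"]
    findings, all_result, lookups, redirect = [], None, 0, False
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"  # no prefix means "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.split("/")[0].lower()  # drop a CIDR suffix such as a/24
        if "=" in name:  # modifier (redirect=, exp=); redirect costs one lookup
            redirect = redirect or name.startswith("redirect=")
            continue
        lookups += name in LOOKUP_MECHS  # True counts as 1
        if name == "include" and is_ip(arg):
            findings.append(f"{term}: include: takes a domain, use ip4: or ip6: for addresses")
        if name == "all":
            all_result = QUALIFIERS[qualifier]
            if qualifier == "+":
                findings.append("+all authorises every server to send for the domain")
    if all_result is None and not redirect:
        findings.append("no all mechanism: unlisted senders get a neutral result")
    if lookups + redirect > 10:
        findings.append(f"{lookups + redirect} DNS-lookup terms exceed the limit of 10")
    return all_result, findings


if __name__ == "__main__":
    # Constructed sample records: one clean, one with an IP in include:, one with +all.
    for rec in ("v=spf1 include:spf.aoitcloud.com mx a -all",
                "v=spf1 include:192.0.2.10 mx ~all", "v=spf1 mx a +all"):
        print(rec, "->", lint_spf(rec))
```

A bare all with no prefix is treated as +all, so it is flagged in the same way.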

Adding an SPF record to your DNS

To add your newly created SPF record you will need to log in to your DNS provider. This will probably be your web hosting provider, unless you use an external service like Microsoft 365 or Cloudflare.

Create a TXT Record

Name: @ or your domain without www.

Type: TXT

TTL: 3600

Value: v=spf1 include:spf.aoitcloud.com mx a -all
