Need help? Call us on 1300 789 260

SPF Guide

Difficulty: Beginner

Prerequisites

  • Access to your DNS

Overview

The Sender Policy Framework (SPF) is an open standard used to validate what servers are allowed to send email using your domain name. This is to help cut down the opportunity for a 3rd party to send spam or phising email using your domain, as their mail servers won't be authorised. However, if you don't configure the record correctly, it could also mean that your email will also be rejected. You need to ensure that every system you send through (especially if it's via a 3rd party) has been explicitly authorised to send. 

SPF is controlled by a TXT based DNS record, which will look something like:

v=spf1 a mx include:_spf.google.com include:spf.mandrillapp.com ~all

This breaks down to:

  • The v=spf1 indicates that it's using version 1 of the SPF standard
  • a mx means that all records for your domain which have an A or MX DNS record (eg www.yourdomainname.com.au and mail.yourdomainname.com.au) have been explicitly allowed.
  • The include specifies to include SPF records for a 3rd party provider. In this example there are two includes, one for Google (_spf.google.com),  and one for Mandrill (spf.mandrillapp.com). You can have multiple includes so that you incorporate all third party services.
  • And finally, the ~all indicates what to do with messages what to do with messages which don't match. The tilde (~) means softfail, which tags rather than outright rejects. If you're sure you have all authorised mailservers listed, you can set this to a minus (-) which is a hardfail (outright rejection of all other emails).

If you use Conetix for your email and DNS, there's nothing further you need to add. Our system automatically sets the correct SPF DNS record for your domain. For those using an external service for either their main email or email marketing lists (or both), you'll need to modify the existing record to authorise the third party. Below are references to the major 3rd parties and the required records:

Google / Gmail

The required additional include is: 

include:_spf.google.com

Further assistance: https://support.google.com/a/answer/178723?hl=en

Office 365

The required additional include is: 

include:spf.protection.outlook.com

Further assistance: https://technet.microsoft.com/en-au/library/dn789058%28v=exchg.150%29.aspx?f=255&MSPPError=-2147217396

MailChimp

The required additional include is: 

include:servers.mcsv.net

Further assistance: http://kb.mailchimp.com/accounts/email-authentication/set-up-custom-domain-authentication-dkim-and-spf

Zoho

The required additional include is: 

include:zoho.com

Further assistance: https://www.zoho.com/mail/help/adminconsole/spf-configuration.html

Mandrill

The required additional include is: 

include:spf.mandrillapp.com

Further assistance: https://mandrill.zendesk.com/hc/en-us/articles/205582267-About-SPF-and-DKIM

Campaign Monitor

The required additional include is: 

include:cmail1.com

Further assistance: https://www.campaignmonitor.com/forums/topic/8239/authentification-spf-record/

For all other third party systems, you'll need to consult your provider to find out what SPF records need to be added.

We will be publishing guides on how to edit these records directly from our Control Panel. If you need assistance with this, please don't hesitate to contact our support team who will be able to update these records on your behalf. 

Was this article helpful? Yes No
👥

Having trouble? We’re here to help!

We’ve built our company with a serious focus on quality service. Feel free to give us a call!

1300 789 260