How to create an SPF record?
It is safe to say that an SPF record helps to turn the internet into a better place, once it is a useful security method that email senders can use to fight spam and other dangerous emails that may destroy your reputation.
Email senders have to always look out for their domain and online reputation, and SPF records have become an important player in this mission. Are you an email sender? Do you have the ability and knowledge to set up an SPF record?
If you are responsible for sending emails at your company, but you are not aware of the SPF records’ importance, you have nothing to worry about. We prepared this article to teach you everything you should understand about creating SPF records to fight spam and how to set up your own protocol.
Are you ready?
- What is an SPF record?
- The importance of the SPF record: what effect does an SPF record have?
- How to create your SPF TXT record?
What is an SPF record?
An SPF (Sender Policy Framework) is a TXT file, which contains a list of IP addresses and hostnames that are allowed to send messages on your behalf.
This method is widely used to contain spam complaints and also make the whole internet a safer place, as it helps to reduce the circulation of dangerous emails on the web.
In short, an SPF record is an actual list of legitimate email accounts that you can use to send messages to your subscribers, making sure no unauthorized domain sends unwanted or poisonous messages to your audience.
The importance of the SPF record
Protection and safety are extremely necessary to use the web. We know that the internet can offer us countless benefits, but it also has its dangers.
Would it be recommendable for a police officer to go to a dangerous zone without any kind of protection, such as a bulletproof vest? I don’t think so. An SPF record is just the bulletproof vest you need to enjoy all the benefits that the internet can offer.
We should be able to explore the web safely, but we can’t turn a blind eye to its dark side. As email senders, create SPF record is ideal for sending messages under different IP addresses and domains, without taking any chances of being mistaken as a spam sender or other malicious address.
Create SPF record is important because:
- reduces bounces, which is going to protect your domain and enhance your deliverability at the same time;
- can protect your email address and domains, as well as other kinds of addresses you use to send messages to subscribers;
- improves your reputation as a sender, making sure you hit real mailboxes;
- is a simple and easy-to-manage tool, completely able to boost your ROI and other metrics you use to measure your results;
- avoids online attacks, both for senders and receivers, such as phishing, spoofing and spam.
The effectiveness of creating SPF records is undeniable, if you want to know more about the SPF to protect your domain and email access the link. So, let’s find out how to create your own SPF TXT record.
How to create your SPF TXT record?
Now that we know that creating an SPF record is all about its advantages, it’s time to go from theory to practice.
Setting up your SPF TXT record may seem complex, but it really isn’t. We will explain in detail what you are supposed to do, describing all its configuration. Follow the next steps, that by the end of this article, you will be able to create SPF records on your own.
1. Make a list of your IP addresses that you use to send email
The first thing you have to do when setting up your SPF TXT record is to gather all the IP addresses and domains that you use to send emails to your audience. Your list must include:
- all of your IP addresses;
- every host linked to your main domain and IP address;
- the third-party mail servers that you might use on your behalf to send messages.
Many companies use a lot of servers and IP addresses to send emails to people, so, if it is your case, you mustn’t forget anything.
If you are unsure about your IP addresses, domains, and email servers, please reach out to your ESP (Email Service Provider) to get a full list of the email accounts related to your domain and IP addresses.
Another detail that you can’t miss out on is to create SPF records with every email related to your company. You have addresses that you use to send emails, and others that you have for other purposes. All of them must appear on the list, not only the ones you use to send messages.
2. Create SPF record
The next step is to create the TXT file with the list of email addresses and domains that you gathered in the first step. Here is what you have to do:
- You must use the tag “v=spf1” before the emails on your list because this configuration will recognize certain IP as an authorized email sender (Example: v=spf1 ip4:188.8.131.52 ip4:184.108.40.206);
- After including the IP addresses, you can also add the servers;
- When the IP addresses and servers of your company are on your lists, now it’s time to add emails of a third-party too (the authorized addresses to send messages on your behalf), with the tag “include” (Example: include: thirdpartyemail.com);
- End the SPF TXT record with the following tags:
~all (soft SPF fail, which means servers that aren’t listed can send emails on your behalf, but they will be marked)”;
-all (hard SPF fail, which means servers that aren’t listed can’t send emails on your behalf, and they will be rejected);
+all (the server is allowed to send emails on your behalf);
It is not recommendable to use the +all tag all the time, since it allows any server to deliver emails from your organizational domain. Using this option can leave your IP addresses and domains prone to spoofing.
You are only allowed to employ the tag -all tag for the emails that aren’t used to send messages.
Finally, your SPF record cannot have more than 255 characters in length, nor have more than ten statements marked with the “include” tag.
When you are done creating your SPF record TXT file, now you have to publish it.
3. Publish your SPF to DNS
Now, the SPF record that you created must be published to DNS to work. You might need to keep in touch with the technical support area in your company to do that.
Your DNS provider can give you access to a dashboard or you can also ask a responsible professional to publish the SPF record for you.
If you want to execute this task by yourself, follow these steps:
- you need to log in to your domain homepage, according to your host provider;
- find the page for updating the DNS records (its name looks like “DNS Management” or similar);
- determine which domains you want to publish the SPF records;
- specify the Time To Live (TTL), you can either type 3600 or leave the default;
- save the changes to publish the SPF record into your DNS.
These changes can take up to 48 hours to start their effects. If you are not acquainted with these actions, contact your domain host or your technical support team.
4. Test your SPF record
The last step is all about verifying if the SPF record is working the way it is supposed to. To test your SPF record, follow these quick steps:
- look for an SPF record checker online (they are easily found by Search Engines);
- after chosen a tool, give your domain and validate your SPF record;
- if your SPF record is functioning, the SPF checker will show a screen with your domain name, as well as the email accounts and IP addresses that are allowed to send messages on your behalf;
- make sure your SPF record doesn’t exceed the limit of 10 lookups.
If you see all these requirements, your SPF record is correctly configured. Consequently, your domain and sending IP address are safe.
When you need to include new addresses in your SPF records, you can always update the TXT file, according to the instructions given in this article. In case there are errors in your SPF record, wait 48 hours to update or fix it.
One last thing that you should be aware of. Every protocol or system for online security is not 100% accurate. There will always be flaws and bugs to be fixed, that’s why technology is frequently being updated.
Now that you learn how to create an SPF record, learn also how and why you should check email addresses validity to keep your domain and deliverability completely safe.