How to: Create an SPF Record

What is an SPF record?

Sender Policy Framework (SPF) is a way to explicitly define which mail servers are allowed to send email for your domain name, and by virtue of that, which servers cannot!

So, an SPF record is simply a TXT record added to the DNS zone file for your domain. The details of the record must be very precise in order for it to function properly as an SPF record.

NOTE: TXT records in Hover are currently limited to a 255 character max. If the SPF record is longer than 255 characters, you won't be able to create this record in your DNS zone file.

Here is an example SPF record:

An SPF record is created the same way as any TXT record, using the @ symbol as the hostname.

The Value is what differentiates an SPF record from other TXT records.

What the different parts of the SPF record mean:

Using the above image as an example of an SPF record:

  • v=spf1
    Defines this as an SPF record (Required to be at the beginning of the value for each SPF record)
  • a
    Allows a mail server at the IP address defined in the A record in the DNS zone file to send email
  • mx
    Allows the mail server defined in the MX record in the DNS zone file to send email
  • -all
    Specifies that all emails sent through a server other than those already listed as "ok" will return a code of “hardfail”. The email will NOT be delivered and will instead generate a bounceback email. If you want to force a “softfail” instead (which allows email sent through a different mail server to be delivered), change the “-all” to “~all”. With the “~all” in place, the email will be tagged as suspicious but still be delivered to the recipient.

 

Here are some SPF record configuration options:

To specify a single IPv4 address that can send email

  • v=spf1 ip4:204.200.197.197 -all
  • Would allow mail to be sent from a mail server at the IP address 204.200.197.197 only. Mail sent from mail servers on any other IP address would not be delivered, and the sender would receive a bounce message. If no prefix-length is given, /32 is assumed (singling out an individual host address).

To specify a range of IPv4 addresses which can send email

  • v=spf1 ip4:192.168.0.1/16 -all
  • Allows mail to be sent from any IP address between 192.168.0.1 and 192.168.255.255.

To specify a mail server that can send email

  • v=spf1 mx:mx1.domain.com -all
  • Would allow mail to be sent from a mail server named mx1.domain.com. Mail from any other mail server would not be delivered, and the sender would receive a bounce message.

To specify multiple things in one SPF record

  • v=spf1 a mx ip4:204.200.197.197 mx:mx1.domain.com -all

To make it so the domain cannot send mail at all

  • v=spf1 -all

To specify a single IPv6 address that can send email

  • v=spf1 ip6:1080::8:800:200C:417A -all
  • Would allow mail to be sent from a mail server at the IP address 1080::8:800:200C:417A only. Mail sent from mail servers on any other IP address would not be delivered, and the sender would receive a bounce message. If no prefix-length is given, /128 is assumed (singling out an individual host address).

To specify a range of IPv6 addresses which can send email

  • v=spf1 ip6:1080::8:800:200C:417A/96 -all
  • Allows mail to be sent from any IPv6 address between 1080::8:800:0000:0000 and 1080::8:800:FFFF:FFFF.

To specify another domain which can send email for your domain

  • v=spf1 include:anotherdomain.com -all
  • Allows mail to be sent from another specific domain (anotherdomain.com in this case) on behalf of the domain which has this SPF record in its DNS zone file. ***In order for this to work, anotherdomain.com must have a valid SPF record in its own DNS zone file.***
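
The Python sketch below is an added example, not part of the original article or any Hover tooling: it evaluates the ip4, ip6, a, mx and all terms from the records above against a sender address, applying the /32 and /128 defaults and the -all/~all results described. The function name evaluate_spf and the dns_ips table (a stand-in for real A and MX lookups) are assumptions; include and other terms are not handled.

```python
import ipaddress

# Qualifier in front of a mechanism -> SPF result; no qualifier means "+" (pass).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record, sender_ip, dns_ips=None):
    """Return the SPF result for sender_ip; the first matching term wins.

    dns_ips is a constructed stand-in for DNS: it maps a term such as "a" or
    "mx:mx1.domain.com" to the addresses a real lookup would resolve it to.
    """
    dns_ips = dns_ips or {}
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # v=spf1 must be the first term of an SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            # strict=False accepts host bits set (192.168.0.1/16); a bare
            # address defaults to /32 for IPv4 and /128 for IPv6.
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name in ("a", "mx"):
            matched = any(ip == ipaddress.ip_address(a) for a in dns_ips.get(mech, ()))
        else:
            raise ValueError(f"term not handled in this example: {term}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term


if __name__ == "__main__":
    # Records are the article's; sender addresses and dns_ips are constructed.
    dns = {"a": ["204.200.197.197"], "mx": ["204.200.197.198"]}
    for rec, sender in [
        ("v=spf1 a mx -all", "204.200.197.198"),
        ("v=spf1 ip4:192.168.0.1/16 ~all", "10.1.2.3"),
        ("v=spf1 ip6:1080::8:800:200C:417A/96 -all", "1080::8:800:0:1"),
        ("v=spf1 -all", "204.200.197.197"),
    ]:
        print(f"{sender:<18} {rec:<45} -> {evaluate_spf(rec, sender, dns)}")
```

A record with no all term returns neutral for unlisted senders, which is why the examples above end in -all or ~all.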