SPF Record Example

One of the most important records that we need to set up to make sure that our emails will be delivered fine is the SPF record. This a kind of DNS record widely used, in fact, all the websites that have their own email accounts need to use a record like this, otherwise, their email may never reach the destination.

What is an SPF record?

SPF is an acronym that comes from “Sender Policy Framework”. These records are used to tell which are the hosts that are authorized to send a domain’s email. Due to this, SPF is very important if we want our website’s email to work as it should. If we don’t properly set up our SPF record, then we are risking that our emails may never reach their destination.

Why are SPF records important?

SPF records are important because of two things: avoiding spoofing issues and avoiding spam issues.

Probably many of you have heard about email spoofing. What is email spoofing exactly? To make it simple, imagine that someone sends an email from any domain but their change the “from” field to your domain. That way, that person is sending an email pretending to be you. This could be used to get stole data from you if the recipient doesn’t realize what’s going on.

If you set up an SPF record, then you will be able to avoid a situation like that, which means that someone else won’t be able to spoof your identity to pretend to be you. Spoofing is a very common practice among spammers and people looking to stole date through phishing.

The other important topic regarding SPF records is being marked as spam. If your domain doesn’t have an SPF record set up, then most recipients will automatically mark your email as spam. Remember: SPF records tell which server (or servers) are allowed to send a domain’s email, so if the record is not there or is wrongfully set up then you’re in trouble.

Also, keep in mind that if you have an SPF problem and someones decides to spoof you to send spam or another kind of junk emails, your domain may get blacklisted, your IP may get blacklisted and you will probably have a lot of bounces from emails that you never sent in the first place. So to avoid all these problems is important that you keep an SPF record, and remember to update it if necessary when there are changes on the email side of your domain.

SPF record example and SPF syntax

So, how does exactly an SPF record work? To begin with, SPF is actually a TXT record, and you will use it to identify your SMTP server. Let’s take a look at an example:

mydomain.com. 14400 IN TXT "v=spf1 a include:mail.server.com ip4:111.222.333.444 -all"

What is that exactly? Let’s make a short description of every item:

mydomain.com: pretty self-explanatory, that’s the domain to which the SPF record belongs to.

14400: a standard TTL (Time to live). This is the time (in seconds) that must pass before the changes to a record completely take effect. A TTL of 14400 means that the DNS servers around the world will check the record every 4 hours. 3600 is another common TTL.

IN: the DNS class, in this case IN means “Internet”. There’s another class called Chaos (CH), but it doesn’t matter for us. 99% of the records out there use IN.

TXT: the kind of DNS record. TXT means that this is a text record. Nowadays all SPF records are TXT records, so keep that in mind when setting up your own SPF.

v=spf1: this will help identify the record as an SPF record. TXT records can be used for a lot of different purposes, so it’s important to have a way to identify which is the SPF record of the domain.

a: the letter “a” means that the host is authorized to send the emails of the domain. Remember that the domain is already specified in the first part of the record.include: the host specified here is authorized to send emails from the domain previously specified.

ip4: is the same as the include, but in this case, the host is an IP, not a host name like in the previous case.-all: this means that only the servers or hosts featured on this record are authorized to act as the SMTP server of the domain. Any other server should be considered a spammer.

SPF record mechanisms

There’s a few more mechanism that can be used by SPF record that we didn’t include in our SPF record example, but it is important to know them, so we’re going to include those here for reference.

all: this mechanism needs to be set up correctly, otherwise there could be some bad consequences. Basically, “all” tell if the host’s list of the record is inclusive or not. If we set it up as “+all”, then our SPF record is useless, because we’re telling that any server is authorized to send the emails.

The best we can do is to set it to “-all”, that will make the list inclusive and only the servers featured in the record will be able to act as SMTP.ip4: as we said, this one is used to specify an IPv4 address, though it can also be used to specify an entire range if we want.

ip6: much like the ip4, the ip6 is used to specify and IPv6. Works the same way as the ip4, but it’s designed for IPv6 addresses and ranges.a: this mechanism used to tell which is the host authorized to act as an SMTP, for example, “a:mail.myserver.com”

MX: very common in cPanel servers, this mechanism tells that the MX host is authorized to send the emails of the domain.

ptr: much like the MX mechanism, but in this case is used with the PTR host.exists: is not used very often, but it can be used to mark a domain as an exception in the SPF record. Is used as “exists:domainx.com”

include: used to tell which other host names are authorized to act as the domain’s SMTP server/s.

SPF record modifiers

Modifiers are not used often, and only one can be used in each SPF record. The most common modifier is “redirect”, which is used to replace the SPF of a domain with the SPF of another domain.

It’s very useful in case you want to apply the same SPF record to different hosts/domains. It’s used like this: “redirect=exampledomain.com”. This means that your domain will use the same SPF as “exampledomain.com”.

Another modified is called “exp” and is used to provide an explanation if an SPF query fails.

It uses the following format: “exp=[string]”, with [string] replacing the real macro string that is going to be used of course. This kind of modifier can be used to return more information regarding the error that has been found, which can be done in plain text or by giving the user a link to a web page that provides more details.



Leave a Reply