The Sender Policy Framework (SPF) is an open standard used to validate what servers are allowed to send email using your domain name. This is to help cut down the opportunity for a 3rd party to send spam or phising email using your domain, as their mail servers won’t be authorised. However, if you don’t configure the record correctly, it could also mean that your email will also be rejected. You need to ensure that every system you send through (especially if it’s via a 3rd party) has been explicitly authorised to send.

SPF is controlled by a TXT based DNS record, which will look something like:

v=spf1 a mx include:_spf.google.com include:spf.mandrillapp.com ~all

This breaks down to:

  • The v=spf1 indicates that it’s using version 1 of the SPF standard
  • a mx means that all records for your domain which have an A or MX DNS record (eg www.yourdomainname.com.au and mail.yourdomainname.com.au) have been explicitly allowed.
  • The include specifies to include SPF records for a 3rd party provider. In this example there are two includes, one for Google (_spf.google.com),  and one for Mandrill (spf.mandrillapp.com). You can have multiple includes so that you incorporate all third party services.
  • And finally, the ~all indicates what to do with messages what to do with messages which don’t match. The tilde (~) means softfail, which tags rather than outright rejects. If you’re sure you have all authorised mailservers listed, you can set this to a minus (-) which is a hardfail (outright rejection of all other emails).

If you use Conetix for your email and DNS, there’s nothing further you need to add. Our system automatically sets the correct SPF DNS record for your domain. For those using an external service for either their main email or email marketing lists (or both), you’ll need to modify the existing record to authorise the third party. Below are references to the major 3rd parties and the required records:

Google / Gmail

The required additional include is:


Further assistance: https://support.google.com/a/answer/178723?hl=en

Office 365

The required additional include is:


Further assistance: https://technet.microsoft.com/en-au/library/dn789058%28v=exchg.150%29.aspx?f=255&MSPPError=-2147217396


The required additional include is:


Further assistance: http://kb.mailchimp.com/accounts/email-authentication/set-up-custom-domain-authentication-dkim-and-spf


The required additional include is:


Further assistance: https://www.zoho.com/mail/help/adminconsole/spf-configuration.html


The required additional include is:


Further assistance: https://mandrill.zendesk.com/hc/en-us/articles/205582267-About-SPF-and-DKIM

Campaign Monitor

The required additional include is:


Further assistance: https://www.campaignmonitor.com/forums/topic/8239/authentification-spf-record/

For all other third party systems, you’ll need to consult your provider to find out what SPF records need to be added.

We will be publishing guides on how to edit these records directly from our Control Panel. If you need assistance with this, please don’t hesitate to contact our support team who will be able to update these records on your behalf.

Was this article helpful?

Related Articles