Overview

The Sender Policy Framework (SPF) is an open standard used to validate which servers are allowed to send email using your domain name. This helps cut down the opportunity for a 3rd party to send spam or phishing email using your domain, as their mail servers won’t be authorised. However, if you don’t configure the record correctly, your own email could also be rejected. You need to ensure that every system you send through (especially if it’s via a 3rd party) has been explicitly authorised to send.

SPF is controlled by a TXT-based DNS record, which will look something like:

v=spf1 a mx include:_spf.google.com include:spf.mandrillapp.com ~all

This breaks down to:

  • The v=spf1 indicates that it’s using version 1 of the SPF standard
  • a mx means that all records for your domain which have an A or MX DNS record (e.g. www.yourdomainname.com.au and mail.yourdomainname.com.au) have been explicitly allowed.
  • The include specifies to include SPF records for a 3rd party provider. In this example there are two includes, one for Google (_spf.google.com), and one for Mandrill (spf.mandrillapp.com). You can have multiple includes so that you incorporate all third party services.
  • And finally, the ~all indicates what to do with messages which don’t match. The tilde (~) means softfail, which tags rather than outright rejects. If you’re sure you have all authorised mailservers listed, you can set this to a minus (-) which is a hardfail (outright rejection of all other emails).

If you use Conetix for your email and DNS, there’s nothing further you need to add. Our system automatically sets the correct SPF DNS record for your domain. For those using an external service for either their main email or email marketing lists (or both), you’ll need to modify the existing record to authorise the third party. Below are references to the major 3rd parties and the required records:

Google Workspace

The required additional include is:

include:_spf.google.com

Further assistance: https://support.google.com/a/answer/10684623?hl=en

Office 365

The required additional include is:

include:spf.protection.outlook.com

Further assistance: https://technet.microsoft.com/en-au/library/dn789058%28v=exchg.150%29.aspx?f=255&MSPPError=-2147217396

MailChimp

The required additional include is:

include:servers.mcsv.net

Further assistance: https://mailchimp.com/en-au/help/set-up-email-domain-authentication/

Zoho

The required additional include is:

include:zoho.com

Further assistance: https://www.zoho.com/mail/help/adminconsole/spf-configuration.html

Mailchimp Transactional Email (Mandrill)

The required additional include is:

include:spf.mandrillapp.com

Further assistance: https://mailchimp.com/developer/transactional/docs/authentication-delivery/

Campaign Monitor

The required SPF records will be available within your account. You can use the following guide for further information: https://help.campaignmonitor.com/use-your-own-domains

Other Systems

For all other third party systems, you’ll need to consult your provider to find out what SPF records need to be added. They should have this information available within their support area or within your account area for you to follow.

Validation

You can use an external tool to validate your SPF record in order to ensure it’s correct. If you’ve only just edited the record, we recommend waiting 10 minutes to ensure the DNS has been updated before testing the validators.

If you need assistance with this, please don’t hesitate to contact our support team who will be able to update these records on your behalf.
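
As a local pre-check before publishing a change, the sketch below (an added example, not Conetix's or any provider's tooling) merges a provider's include into an existing record and flags common mistakes. The function names are hypothetical, and the lookup count covers only the top-level record, since each include can trigger further lookups of its own.

```python
import re

# Terms that each cost one DNS lookup; RFC 7208 section 4.6.4 allows at most 10.
LOOKUP_NAMES = {"include", "a", "mx", "ptr", "exists", "redirect"}

def split_term(term):
    """Return (qualifier, name) for one SPF term; the default qualifier is '+'."""
    qualifier, body = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
    return qualifier, re.split(r"[:/=]", body, maxsplit=1)[0].lower()

def add_include(record, target):
    """Insert include:<target> just before the 'all' term, skipping duplicates."""
    terms = record.split()
    new = "include:" + target
    if new.lower() in (t.lower() for t in terms):
        return record
    pos = next((i for i, t in enumerate(terms) if split_term(t)[1] == "all"), len(terms))
    return " ".join(terms[:pos] + [new] + terms[pos:])

def lookup_count(record):
    """Count lookup-costing terms at the top level (includes nest, so this is a minimum)."""
    return sum(1 for t in record.split()[1:] if split_term(t)[1] in LOOKUP_NAMES)

def lint(record):
    """Return a list of warnings for one SPF record string."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record must start with v=spf1"]
    parsed = [split_term(t) for t in terms[1:]]
    warnings = []
    all_at = [i for i, (_, name) in enumerate(parsed) if name == "all"]
    if not all_at:
        warnings.append("no 'all' term to catch senders that match nothing else")
    elif all_at[0] != len(parsed) - 1:
        warnings.append("terms after 'all' are never evaluated")
    if all_at and parsed[all_at[0]][0] == "+":
        warnings.append("+all authorises every server on the internet")
    if lookup_count(record) > 10:
        warnings.append("more than 10 DNS-lookup terms: receivers return permerror")
    if len({t.lower() for t in terms}) != len(terms):
        warnings.append("duplicate term")
    return warnings

# Record taken from the article; the MailChimp include is the one listed above.
CURRENT = "v=spf1 a mx include:_spf.google.com include:spf.mandrillapp.com ~all"
UPDATED = add_include(CURRENT, "servers.mcsv.net")

if __name__ == "__main__":
    print(UPDATED, lookup_count(UPDATED), lint(UPDATED))
```

An empty list from lint() only means the record passed these structural checks; an external validator is still needed to resolve the includes and confirm the published DNS record.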
