The SPF record is an open standard designed to prevent sender address forgery. Think of it as email authentication and with this you can decide who is allowed to send emails on your behalf from your domain name.
The domain owner publishes the policy and the server that receives the email can check to make sure its valid based on the receiving server policies.
Experimental Specification: RFC 4408
This is One of the Single Most Important and Easiest Things to Set Up to Ensure Email Delivery.
Here's an example of an SPF record we use at www.unlocktheinbox.com
"v=spf1 a mx a:mail.unlocktheinbox.com a:unlocktheinbox.com ip4:22.214.171.124 ip4:126.96.36.199 ~all"
You can verify the record by simply going to Unlock The Inbox SPF Tool
The above record means:
|v=spf1||This identifies the TXT/SPF record as an SPF string|
|ip4:188.8.131.52||IP address 184.108.40.206 is allowed to send mail from unlocktheinbox.com|
|ip4:220.127.116.11||IP address 18.104.22.168 is allowed to send mail from unlocktheinbox.com|
|a||unlocktheinbox.com's IP address is 22.214.171.124 and is allowed to send mail.|
|mx||unlocktheinbox.com has one MX server, unlocktheinbox.com.|
|a:mail.unlocktheinbox.com||mail.unlocktheinbox.com is also allowed to send mail from unlocktheinbox.com|
|~all||SPF queries that do not match any other mechanism will return "softfail".|
The above record is a little overkill. We specify the same thing a few different ways to provide this example.
Now you're most likely asking How Do I Set Mine Up? That's the easy part. First, you will need to create your SPF Record and once you have done that you need to add it to your DNS records. Your DNS
records might be managed by your hosting provider, a third party provider or on your own servers.
Whats all this talk about TXT (TYPE 16) and SPF (TYPE 99) Records types in DNS?
When SPF authentication was first developed, it was developed and used in DNS under the TXT record (TYPE 16). In 2005 a new record type was added as an alternative to store the "SPF Authentication"
string in TXT.
This new record type in DNS is called the SPF Record (TYPE 99). Going forward when SPFv3 becomes a standard they will only look at the DNS SPF Record (TYPE 99), for SPF Authentication.
Currently not many Hosting Companies, DNS Providers, etc have support for TYPE 99 "SPF records" built in. But it's growing and hopefully more and more of these companies will update their software to allow the creation of SPF (Type 99) records.
The standards state in section 3.1.1, that ideally you want both an SPF (TYPE 99) and TXT (TYPE 16) records to contain your Authentication String to be considered "SPF-Compliant"
and they must match. If you only have the
ability to add just one type, you are still "Compliant"
, just not "SPF-Complaint"
. Of all the emails we currently tested, only a very small percentage is actually "SPF-Compliant"
Generating Your SPF Record
The easiest way to do this is to use the Unlock the Inbox SPF Wizard
and fill out the questionaire. If you're having trouble or you're not
sure how to answer the questions or need more examples you can always look up what other websites do for their SPF Records using our tool at Unlock The Inbox SPF Tool
On the bottom of the Open SPF Wizard, after it generates your SPF Record, there will be instructions on how to add those records to your DNS.
According to the standards in section 3.1.1, you should create both a TXT and SPF Record types with identical content. Having one of these record types make you compliant, but it's better to publish both, if you are able.
Once those records are added to your DNS you can send an email to "firstname.lastname@example.org"
and it will return the results letting you know the status of SPF, DKIM, Sender ID, and Spam Assassin checks.
Source: Unlock The Inbox