Your IP Address: 50.19.144.243
Located Near:
Resources
 Can Spam Act
 Securing Your Server
 How Email Works
 Email Statistics
 
How To Set Up
 DMARC Records
 SPF Records
 MX Records
 PTR Records
 DomainKeys
 DKIM Signatures
 Sender ID
 ADSP Records
 Feedback Loops
 SRS
 
Verifying Your
 Email Authentication
 Identifier Alignments
 
How To Avoid
 Spam Filters
 Being Blacklisted
 Losing Reputation
 Being an Open Relay
 
Formatting Email
 For Email Clients
 For Devices
 For Browsers
 
What Are Email
 Bounces
 Opens Rates
 Clickthrough Rates
 Email Headers

Sender Policy Framework


The SPF record is an open standard designed to prevent sender address forgery. Think of it as email authentication and with this you can decide who is allowed to send emails on your behalf from your domain name.

The domain owner publishes the policy and the server that receives the email can check to make sure its valid based on the receiving server policies.

Experimental Specification: RFC 4408

This is One of the Single Most Important and Easiest Things to Set Up to Ensure Email Delivery.


Here's an example of an SPF record we use at www.unlocktheinbox.com

"v=spf1 a mx a:mail.unlocktheinbox.com a:unlocktheinbox.com ip4:168.144.32.45 ip4:216.120.236.99 ~all"

You can verify the record by simply going to Unlock The Inbox SPF Tool

The above record means:
SyntaxDefinition
v=spf1This identifies the TXT/SPF record as an SPF string
ip4:168.144.32.45IP address 168.144.32.45 is allowed to send mail from unlocktheinbox.com
ip4:216.120.236.99IP address 216.120.236.99 is allowed to send mail from unlocktheinbox.com
aunlocktheinbox.com's IP address is 216.120.236.99 and is allowed to send mail.
mxunlocktheinbox.com has one MX server, unlocktheinbox.com.
a:mail.unlocktheinbox.commail.unlocktheinbox.com is also allowed to send mail from unlocktheinbox.com
~allSPF queries that do not match any other mechanism will return "softfail".


The above record is a little overkill. We specify the same thing a few different ways to provide this example.

Now you're most likely asking How Do I Set Mine Up? That's the easy part. First, you will need to create your SPF Record and once you have done that you need to add it to your DNS records. Your DNS records might be managed by your hosting provider, a third party provider or on your own servers.

Whats all this talk about TXT (TYPE 16) and SPF (TYPE 99) Records types in DNS?


When SPF authentication was first developed, it was developed and used in DNS under the TXT record (TYPE 16). In 2005 a new record type was added as an alternative to store the "SPF Authentication" string in TXT. This new record type in DNS is called the SPF Record (TYPE 99). Going forward when SPFv3 becomes a standard they will only look at the DNS SPF Record (TYPE 99), for SPF Authentication.

Currently not many Hosting Companies, DNS Providers, etc have support for TYPE 99 "SPF records" built in. But it's growing and hopefully more and more of these companies will update their software to allow the creation of SPF (Type 99) records.

The standards state in section 3.1.1, that ideally you want both an SPF (TYPE 99) and TXT (TYPE 16) records to contain your Authentication String to be considered "SPF-Compliant" and they must match. If you only have the ability to add just one type, you are still "Compliant", just not "SPF-Complaint". Of all the emails we currently tested, only a very small percentage is actually "SPF-Compliant".

Generating Your SPF Record


The easiest way to do this is to use the Unlock the Inbox SPF Wizard and fill out the questionaire. If you're having trouble or you're not sure how to answer the questions or need more examples you can always look up what other websites do for their SPF Records using our tool at Unlock The Inbox SPF Tool.

On the bottom of the Open SPF Wizard, after it generates your SPF Record, there will be instructions on how to add those records to your DNS.

According to the standards in section 3.1.1, you should create both a TXT and SPF Record types with identical content. Having one of these record types make you compliant, but it's better to publish both, if you are able.

Once those records are added to your DNS you can send an email to "mailtest@unlocktheinbox.com" and it will return the results letting you know the status of SPF, DKIM, Sender ID, and Spam Assassin checks.

Source: Unlock The Inbox

Sponsored Links