• Contact Us
  • Pricing
  • Search
  • Register
  • Login
  • DNS Tools
    • MX Records
    • A Records
    • CNAME Record
    • PTR Record
    • SPF/TXT Records
    • NS Records
  • Domain Tools
    • ARIN Records
    • WHOIS Records
  • Blacklists
    • Blacklist Checker
    • Whitelist Checker
    • Email Blacklist Removal Tool
  • Email Tools
  • Port Scans
  • Other Tools
    • IP Tools
      • IP Address Converter
      • IP Address Locator
      • IP Range To CIDR
    • Chrome Extension - Email Deliverability Checker
  • Blog
    • First Time Sender
      • Email Certification
      • Email Throttling
      • IP Warming
    • Formatting Emails
      • For Browsers
      • For Devices
      • For Email Clients
    • How To Avoid
    • How To Set Up
    • Mail Tester Guide
      • Email Headers Explained
      • MX Records, PTR Records, and Reverse PTR Records AKA rDNS
      • RFC Syntax Checking
      • Email Port Checks
      • SPF Record and Alignment
      • DKIM Signatures and Alignment
      • DMARC Checker
      • Mail Tester Test Tool
    • Measuring Peformance
      • Bounces
      • Clickthrough Rates
      • Open Rates
    • Related Resources
    • Rules to Follow
      • Can Spam Act
      • Postmaster Guidelines
  • Member Services
    • Members Area
    • Blacklist Monitoring
    • Complete Monitoring Solution
    • Domain Name Monitoring
    • Feedback Loop Submissions
    • Full Port Scan Monitoring
    • Mail Tester Pro Tool
    • Mail Miner
    • Spam Detector Toolbox
    • Trusted Sender Site Seal

SPF Record - Sender Policy Framework


The SPF record is an open standard designed to prevent sender address forgery. Think of it as email authentication and with this you can decide who is allowed to send emails on your behalf from your domain name.

The domain owner publishes the policy and the server that receives the email can check to make sure its valid based on the receiving server policies.

Experimental Specification: RFC 4408

SPF Record is one of the single most important and easiest things to set up to ensure email delivery.


Here's an example of an SPF record we use at www.unlocktheinbox.com

"v=spf1 a mx a:mail.unlocktheinbox.com a:unlocktheinbox.com ip4:168.144.32.45 ip4:216.120.236.99 ~all"

You can verify the record by simply going to Unlock The Inbox SPF Tool

The above record means:
SyntaxDefinition
v=spf1This identifies the TXT/SPF record as an SPF string
ip4:168.144.32.45IP address 168.144.32.45 is allowed to send mail from unlocktheinbox.com
ip4:216.120.236.99IP address 216.120.236.99 is allowed to send mail from unlocktheinbox.com
aunlocktheinbox.com's IP address is 216.120.236.99 and is allowed to send mail.
mxunlocktheinbox.com has one MX server, unlocktheinbox.com.
a:mail.unlocktheinbox.commail.unlocktheinbox.com is also allowed to send mail from unlocktheinbox.com
~allSPF queries that do not match any other mechanism will return "softfail".


The above record is a little overkill. We specify the same thing a few different ways to provide this example.

Now you’re most likely asking, "How do I set mine up?" That's the easy part. First, you will need to create your SPF Record and once you have done that you need to add it to your DNS records. Your DNS records might be managed by your hosting provider, a third party provider or on your own servers.

What’s all this talk about TXT (TYPE 16) and SPF (TYPE 99) Records types in DNS?


When SPF authentication was first developed, it was developed and used in DNS under the TXT record (TYPE 16). In 2005 a new record type was added as an alternative to store the "SPF Authentication" string in TXT. This new record type in DNS is called the SPF Record (TYPE 99). Going forward when SPFv3 becomes a standard they will only look at the DNS SPF Record (TYPE 99), for SPF Authentication.

Currently not many hosting companies, DNS providers, etc., have support for TYPE 99 "SPF records" built in. But it's growing and hopefully more and more of these companies will update their software to allow the creation of SPF (Type 99) records.

The standards state in section 3.1.1, that ideally you want both an SPF (TYPE 99) and TXT (TYPE 16) records to contain your Authentication String to be considered "SPF-Compliant" and they must match. If you only have the ability to add just one type, you are still "Compliant", just not "SPF-Complaint". Of all the emails we currently tested, only a very small percentage is actually "SPF-Compliant".

SPF (TYPE 99) is now obsolete and shouldn't be implemented anymore.

SPF Record - How to Generate them.


The easiest way to do this is to use the Unlock the Inbox SPF Wizard and fill out the questionnaire. If you're having trouble or you're not sure how to answer the questions or need more examples you can always look up what other websites do for their SPF Records using our tool at Unlock The Inbox SPF Tool.

On the bottom of the Open SPF Wizard, after it generates your SPF Record, there will be instructions on how to add those records to your DNS.

According to the standards in section 3.1.1, you should create both a TXT and SPF Record types with identical content. Having one of these record types make you compliant, but it's better to publish both, if you are able.

Once those records are added to your DNS you can send an email to "mailtest@unlocktheinbox.com" and it will return the results letting you know the status of SPF, DKIM, Sender ID, and Spam Assassin checks.

Source: Unlock The Inbox

Copyright © 2018 Unlock The Inbox