Library

DNS SPF settings for email

The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery. More precisely, the current version of SPF (called SPFv1 or SPF Classic) protects the envelope sender address, which is used for the delivery of messages.

Even more precisely, SPFv1 allows the owner of a domain to specify their mail sending policy, e.g. which mail servers they use to send mail from their domain. The technology requires two sides to play together: (1) the domain owner publishes this information in an SPF record in the domain’s DNS zone, and when someone else’s mail server receives a message claiming to come from that domain, then (2) the receiving server can check whether the message complies with the domain’s stated policy. If, for example, the message comes from an unknown server, it can be considered a fake.

Once you are confident about the authenticity of the sender address, you can finally “take it for real” and attach reputation to it.

Because Online Advantage (OA) is sending many tens of thousands of emails on behalf of our cloud-based customers it is recommended that clients have their IT support team add in an SPF entry to the DNS of any domain used for sending email from OA. Doing so will ensure a higher success rate.

To include the OA mail server on your domain a DNS entry is required to show it as a valid sending server. You might need to do ask your IT Support to assist with editing your DNS to include the ‘SPF’ setting. It’s not something OA can do for you as we do not have access to the DNS settings for your domain.

Your SPF record will inform other mail servers how to check that an email from your domain is being sent from a valid server. To add the DNS entry, you will need to gain access to your domain’s DNS and publish your SPF record there. It’s important to know that a SPF record will live in your DNS as a text record (also known as a TXT record). For that TXT entry, the appropriate “Name” to use is: @

If you do not have a SPF entry already in place for your domain, we suggest you have the following entry added ASAP:

v=spf1 include:_spf.rackcorp.com -all

However it is likely that you already have a SPF entry on your DNS for your other mail servers. In this case, you should edit the existing SPF record and add in the OA mail server entry as follows:

include:_spf.rackcorp.com

How you add the ‘SPF’ entry above to your DNS record depends on who you host your domain with. Some general (technical) details on the SPF record syntax can be found here: http://www.open-spf.org/SPF_Record_Syntax/

If you’re using Microsoft Office 365 for cloud-based email then this link should assist: https://docs.microsoft.com/en-us/office365/SecurityCompliance/set-up-spf-in-office-365-to-help-prevent-spoofing#Anchor_0

If you’re using the Microsoft 365 cloud platform (Office 365) then you can easily navigate to the “Domains” section of the admin portal and add a custom ‘TXT’ record using the details above. Please see the screen shot example below as a guide.

For other DNS providers (e.g.Google, GoDaddy, WebCentral, Cloudflare, Namecheap, DNS Made Easy etc.) we’d suggest checking their support and help portal for details on adding a TXT entry to the DNS if you don’t have any IT support people to assist.

Once the ‘SPF’ entry is in place, mail servers that are checking the domain records should allow email to be delivered. To check this setting is working for a given receiving mail server (customer domain) we suggest you manually email a reprint of a statement or invoice to the customer as a test and ask them to confirm receipt.

Ask a Question or Leave a Comment

Your email address will not be published. Required fields are marked *

To top