What is SPF? Learn all about the Sender Policy Framework.
- Lucas H.
- May 30, 2022
- 3 min read
The Sender Policy Framework (SPF) is an email authentication technique, which is used to stop spammers from sending messages from your domain.
An organization can use SPF to publish authorized mail servers. This information is combined with DMARC information to give the receiver (or the receiving systems) information about how trustworthy an email's origin is.
SPF, like DMARC, is an email authentication technique that uses DNS. This allows you to control which email servers can send your email for your domain.
Why is SPF important?
SPF records are crucial for email security. They ensure that your domain only sends emails from verified servers. Although SPF isn’t perfect, it can greatly improve your email security. Let's take a look at the benefits of strong SPF email policy.
Increase deliverability
Spam attackers can't use your domain to send email from your email server when you have SPF. This prevents your domain from being blacklisted globally, and improves your mail server's overall deliverability.
Prevent email spoofing
Creating an SPF record helps to verify the IP address of the sender and compares it to the domain owner.
Increases domain reputation
SPF email policies give your domain a higher reputation. It also shows other blacklist servers that you are committed to email security. This greatly reduces the chances of your outbound mails being falsely marked as spam and improves your standing within firewalls and other cybersecurity databases.
How does the SPF actually work?
Servers that receive messages verify SPF by querying a domain's Return Path value in the email headers.This Return-Path is used by the recipient server to verify that there is a TXT file in the sender’s DNS server.If SPF is enabled, it will list all servers mail can be sent from.The SPF check will fail if that IP is not included in the list.
This will occur before the recipient receives the body of the message. The email sent from the server that isn't listed in the SPF records from a particular domain will be marked suspicious and may be rejected by the recipient.
How can you create the SPF record?
If you use an email service provider to send emails, and wish to add them to your SPF record, it is easiest to search their help documentation to locate the correct SPF information for your sending services.
It is quite normal for brands not to have just one email tool, but several. It's common for transactional emails, newsletters and emails from your help desk to come from multiple sources. You'll need to add all of them to your SPF records.
However, a domain can only have one SPF text record. You can add another sender to an existing record if you wish. Do not create a new record. This is a common mistake that can cause SPF servers to fail. Instead, you should create a SPF record with three senders (in this example, Postmark, ActiveCampaign and G suite)
v=spf1 a mx include:spf.mtasv.net include:emsd1.com include:_spf.google.com ~all Changing your domain's DNS settings
Let's now add your new SPF record to your DNS settings! This can be done by going to your hosting provider and changing the DNS settings. The process may look slightly different depending upon your hosting provider. In this example, we will use Hostinger.
Log in to your hosting provider and navigate directly to the DNS settings for your domain.
You can create new DNS records here. Select TXT as the Type and add "@" to Host. Copy your SPF record from the above into the value field.
And that's it. You're finished. But remember that SPF has its limitations.
It's therefore important to ensure that SPF is not the only form of email security. Having proper DKIM records and DMARC records is key to ensuring that mail security is maintained on all fronts.
Comments