How to create and publish SPF records?
You can create an SPF record manually or with the use of an online SPF record generator tool. The advantages of using a tool to create your record rather than doing it manually are:
- It's free
- It provides accurate results
- It helps you avoid human errors
Once you've decided which approach to take, follow the steps below to get started.
1. Gather the List of IP Addresses That You Use for Sending Emails
As each SPF record corresponds to a distinct domain, start by compiling a list of all your domains. To safeguard them from abuse, be sure to include inactive (or “parked”) domains that don’t send email.
Additionally, you must list all sources (third parties) who send emails on your behalf and everything else that sends emails from your domain(s). This comprises:
- Mail servers (both web-based, like Gmail or via your ISP, and in-office, like Microsoft Exchange)
- Email Service Providers (ESPs): companies that offer bulk email services and email marketing
- Other services (such as payment processors, e-commerce services, support/ticketing systems, etc.)
2. Include All Sending Domains
Most businesses own a wide variety of domains. Some of them are dormant, while others are used for sending emails. Do they, therefore, need to use SPF to protect each of their domains? The answer is yes. Let’s say the company decides to set up an SPF record just for its sending domains. In that instance, attackers will find the non-sending domains to be an easy target.
3. Create an SPF Record for Your Domain
- Specify the SPF version first. The version number always comes first in an SPF record. (v=spf1)
- After the v=spf1 version tag, list all the IP addresses your company has permitted to send emails on behalf of your brand. For instance: v=spf1 ip4:xxx.xxx.xxx.xxx -all (there is no space between ip4: and the address).
- The next step is adding the include tag for outside companies that have permission to send emails on your organization’s behalf. For instance, include:thirdpartydomain.com (thirdpartydomain.com is an example domain name in this case). The significance of this tag is that it lists a third-party company authorized to send emails on your enterprise domain’s behalf. Consult the third-party organization to decide which domain you should put as the value of the include statement.
You can expedite this process by using an online SPF record generator tool.
4. Configure your level of enforcement
- After implementing all include tags and IP addresses, finish the record with an ~all, -all, or ?all tag.
- The -all tag denotes a hard failure, whereas the ~all tag indicates a soft failure.
- The ?all tag is neutral: with it, any server may deliver emails from your organizational domain. We do not advise using this option, as it leaves the domain open to spoofing.
You can choose among the following modes:
- Fail (-all)
- Soft-fail (~all)
- Neutral (?all)
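The record assembled in steps 3 and 4, as an added example that is not part of the original lesson: a small Python builder plus a linter that catches the mistakes the steps warn about (missing version tag, a stray space after ip4: or include:, a missing or weak all tag). The function names and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

MODES = {"fail": "-all", "softfail": "~all", "neutral": "?all"}
MECHANISMS = {"all", "ip4", "ip6", "a", "mx", "ptr", "exists", "include"}

def build_spf(ip4=(), includes=(), mode="fail"):
    """Assemble version, IP addresses, includes and the closing all tag, in that order."""
    terms = ["v=spf1"]
    for net in ip4:
        ipaddress.IPv4Network(net, strict=False)  # ValueError on a malformed address
        terms.append(f"ip4:{net}")
    terms += [f"include:{domain}" for domain in includes]
    terms.append(MODES[mode])
    return " ".join(terms)

def lint_spf(record):
    """Return a list of problems in an SPF record string (empty list = none found)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record must begin with v=spf1"]
    problems, body = [], terms[1:]
    for term in body:
        if "=" in term.split(":", 1)[0]:
            continue  # modifier such as redirect=, not checked in this example
        name, _, value = term.lstrip("+-~?").partition(":")
        name = name.split("/")[0].lower()
        if name not in MECHANISMS:
            problems.append(f"unknown term '{term}' (stray space after ':'?)")
        elif name in ("ip4", "ip6", "include", "exists") and not value:
            problems.append(f"'{term}' has no value")
        elif name == "ip4":
            try:
                ipaddress.IPv4Network(value, strict=False)
            except ValueError:
                problems.append(f"'{term}' is not a valid IPv4 address or range")
    alls = [t for t in body if t.lstrip("+-~?").lower() == "all"]
    if len(alls) != 1 or body[-1] != alls[0]:
        problems.append("record must end with exactly one all tag")
    elif alls[0].lower() in ("?all", "+all", "all"):
        problems.append(f"'{alls[0]}' leaves unlisted senders unrestricted")
    return problems

# Constructed samples: documentation-range IPs and the lesson's example include domain.
GOOD = build_spf(["192.0.2.10", "198.51.100.0/24"], ["thirdpartydomain.com"], "fail")
BAD = "v=spf1 ip4: 192.0.2.10 include: thirdpartydomain.com ?all"

if __name__ == "__main__":
    for rec in (GOOD, BAD):
        print(rec, "->", lint_spf(rec) or "no problems found")
```

A parked domain that sends no mail passes the same linter with the record v=spf1 -all, which authorizes no sender at all.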
How to publish the SPF record on your DNS?
When you’re done generating the record, you need to add it to your domain’s DNS.
Your DNS manager needs to publish the SPF record in your DNS. This may be an internal position inside your company, you could have direct access to a dashboard offered by your DNS provider, or you could request that the provider publish the record for you.
If you are publishing your record on your own:
- Access your DNS management console
- Open your Advanced DNS Editor
- Create a new record with the following specifications:
Type: TXT
TTL: 1 hour
Host: @
Value: [Your generated SPF record value]
- Save changes to your record
- Wait for 24 hours (or more depending on your DNS provider) to activate the protocol
Steps after publishing
After publishing your record, you can validate it using an online SPF checker tool. This lets you examine SPF records in a matter of seconds and identifies any issues that may be impeding the effectiveness of your email authentication system.
How to check your SPF record?
To check your SPF record, you can use an online SPF record lookup tool to make sure your record is free of errors, functional, and configured properly.
Note that SPF alone cannot protect your domain against email-based attacks.