How to Correctly Setup Your SPF Record

//How to Correctly Setup Your SPF Record

In order to protect your brand, your employees and your business from phishing and spoofing attacks, it is vital to secure your emails. The first step is to properly authenticate your emails with SPF (Sender Policy Framework) which is an authentication protocol. The sole purpose of SPF is to correctly identify which IP addresses are allowed to send emails on behalf or your domain name.

This in consequence makes your domain name less interesting to fraudsters and reduces the risk of getting your domain name blacklisted by spam filters.

Thinking about setting up your own SPF record? Use the following step by step guide to set it up correctly.

1. Make a list of all IP addresses that are used to send your emails

First step in getting your domain setup with SPR record is to correctly identify and gather all IP addresses which are being used to send out emails from your domain. Many organisations use a variaty of software/servers to send out emails. It is important to get a list of all IP addresses, be sure to consider if your organisation may be using any of the following:

  • Website host (website server)
  • Internal Office Mailing Server (i.e. Microsoft Exchange)
  • Internet Service Provider mail server
  • Email Marketing software (i.e. Mailchimp, SendInBlue)
  • Any other third-party tools used to send out emails on your behalf

2. Make a list of all domain names that are used to send your emails

This step is more focused towards bigger organisations although it is important for every size company to make a note of this step. Maybe your company is using multiple domain names in order to send your emails out.

Even if your company is not using certain domains for emails, it is important to create SPF records for all of them. Keep in mind that criminals will try to attack all domains and pretend to send emails on your behalf.

3. Create the actual SPF record

SPF is required in order to correctly authenticate the email sender’s identity by comparing the senders mail server’s IP address against the pre-set list in the DNS records. Use the follow guide to correctly create your SPF record:

  • First step is to start with v=spf1 (SPF version 1) tag (i.e. v=spf1)
  • List all IP addresses which are authorised to send emails on your behalf. (i.e. v=spf1 ip4:198.187.28.88 ip4:198.187.28.87)
  • Add all third party domains here which you use for your email marketing campaigns (i.e. include:spf.sendinblue.com)
  • Lastly, add ~all or -all tag to the end of the record (i.e. ~all)
  • NOTE: SPF record has a limitation of 255 characters in lengh and cannot include more than ten include statements.
  • Your finished SPF record should look something like this: v=spf1 ip4:198.187.28.88 include:spf.sendinblue.com ~all
  • NOTE: For the domains which are not sending out any emails, create an empty SPF tag as follows: v=spf1 ~all

That’s it! That’s your SPF record created, now it’s time to add it to your DNS.

4. Add the SPF record to your DNS

Either contact your DNS server administrator or hosting provider and get your SPF records published.

If you want to do it yourself, you can easily add this record to your domain. Simply login to your domain DNS service provider (i.e. GoDaddy, 123-reg), navigate to the DNS settings, and add in your newly created SPF record as follows:

Type: TXT
Name: @
Value: SPF Record
TTL: 1 Hour

5. Test your settings

It is important to test that you have entered your SPF record correctly. Use the DNS lookup tool made by Google to verify that your TXT record is setup correctly.

Not sure how to do it yourself? Not to worry, we can help to secure your email from malicious activity. Simply send an enquiry through our contact form and we will getback to you.