Recommendations for an SPF record
What is an SPF record and how is it composed?
What is an SPF record?
An SPF record, also called an SPF record, is a DNS record of type TXT that lists all mail servers of a domain that are authorized to send and thus clearly defines who is allowed to send e-mails. When an e-mail is sent, the receiving mail server uses the SPF record to check whether the sending mail server is authorized to send this e-mail on behalf of the domain at all.
Most mail service providers check the SPF entry upon receipt and reject e-mails that have no entry or an incorrect entry. In addition, the entry can have the effect that your e-mails are not so easily classified as spam. We therefore recommend that you always create an SPF entry.
Before you create the SPF record
Risks
Make sure that the SPF record is formulated and created without errors. Errors can cause emails to either be classified as spam or rejected. Which effect it has is ultimately at the discretion of the e-mail service provider, as each provider determines its own requirements regarding SPF records. Outlook, for example, rejects emails sent over IPv6 unless there is an SPF record. To check your SPF record and adjust it if necessary, we recommend using tools such as mxtoolbox, spf-record.com, or mail-tester.
Information and conditions for the SPF record
Since the SPF record can be structured in many different ways and must be formulated as precisely as possible, we draw your attention to any possible combinations. However, you do not have to have all of the servers or service providers listed below:
The IP addresses of all your clusters with us or with other hosters that are allowed to send emails on behalf of your domain. A list of any other servers or systems that are allowed to send email on behalf of your domain. This includes, for example, internal servers such as Exchange or notification services, additional service providers for SMTP sending, CRM systems, ticket systems or newsletter services.
In addition, you must consider the following points when constructing the SPF record:
- The SPF record may contain a maximum of 10 elements of type A, MX and Include in total.
- The SPF record can consist of either one or a combination of several elements.
- The order of the elements has no effect on the functionality of the entry. Only the v=spf1 must be at the beginning and the
~all
or the-all
at the very end.
Structure of an SPF record
Examples
Example 1:
The SPF entry for sending email only from your cluster looks like this:
v=spf1 a ~all
Thus, the entry refers to the IP address pointed to by your domain.
Notice: If you are using Cloudflare, you need to manually specify the IP addresses of your cluster hosting your domain.
In that case, the SPF entry may look like this:
v=spf1 ip4:185.88.XXX.YYY ip6:2a00:f48::XXX:YY:ZZ ~all
Example 2
This SPF record authorizes both your cluster and the mail server behind the MX record - regardless of where you host your mail domains - to send email on behalf of your domain.
v=spf1 a mx ~all
Example 3
In this example, in addition to your cluster and the mail server behind the MX record, Google servers are also authorized to send mail on behalf of your domain.
The entry after the "include" element is individual and will look different depending on your service provider accordingly. If you want to authorize your service provider to send emails, ask them what this entry should look like.
v=spf1 a mx include:_spf.google.com ~all
Our recommendation
All the above SPF entries in the examples can also end with a prohibition, that is, with -all
instead of ~all
. The purpose of a ~all
is that mail sent from servers not listed in the SPF entry is not necessarily rejected, but marked as suspicious. When using the -all
wording, these emails are more likely to be rejected by the incoming server, this also applies to forwarded mails.
We recommend that you use the SPF entry with ~all
. After you have created or edited the entry, please check if your emails arrive correctly. This way you can detect possible problems early and correct them.
Basically, an SPF entry is recommended because it authenticates the sender and thus improves e-mail delivery. However, despite the SPF entry, it cannot be ruled out that e-mails end up in spam. The content of your emails plays an important role, so you should always check and maintain your emails. To further secure your e-mail sending, we additionally recommend the configuration of DKIM.
If you have any further questions, please contact our support team at +49 5251 414130 or send an e-mail to support@maxcluster.de.