Do I need SPF, and how do I set it up?

domain-name-system mx-record spf
8,153

Solution 1

SPF doesn't care about clients, it is about the question "which server is allowed to send mails coming from my domain?"

Assuming you own the domain example.org:

  • A) It's not important where you send your mails from. It's important that your mailserver has SPF records that match your mailserver.
  • B) Google.
  • C) It's typical to trust the A and MX record resolving to that domain, so: v=spf1 a mx -all

Solution 2

First, SPF is just a DNS record for your domain, that specifics which servers can send e-mail for your domain. If a receiving e-mail server also supports SPF it will check this record and follow the actions you set in your record.

The most common effect is that less people can send spam where the spam claims to be from you. Sometimes mail servers are configured so that they will not accept e-mail unless the sending domain has an SPF record; but this is rare.

In all cases the choice to use an SPF record lies ultimately in the receiving server.

If you use Google Apps to send e-mail you can create a SPF record for your domain like this:

TXT "v=spf1 include:_spf.google.com -all"

You have to contact whoever hosts the DNS for your domain, and tell them you want to add that record. Many hosting providers have an easy to configure tool for setting this up; if not call the; they'll know what you're talking about.

Solution 3

To give Google permission to send email on your behalf add the following to your spf txt record.

include:_spf.google.com

Also with issue C, don't use the ISPs smtp servers. Set up each client to relay through Google's mail servers the details on how to do that can be found here.

Solution 4

You add a TXT record to your DNS zone file. eg.

IN      1H      TXT     "v=spf1 ip4:<sendingSmtpServerIpAddress> a mx -all"

This will allow all MX servers defined for your zone to send "a mx" and also one that hasn't got an MX record using "ip4:".

Of course you can remove elements you don't need and cater the record for your implementation.

Share:
8,153

Related videos on Youtube

AdrianM
Author by

AdrianM

Hello, world! I enjoy using my experience to help others. That is why I am active at a number of other sites in the StackExchange network on topics that interest me. I'm something of a Swiss army knife both professionally and in private, able to juggle a wild variety of things at once. I've worked in every kind of business that uses software. I'm also very good with tools, both IT and mechanic. Whether you need software design or assembling some IKEA furniture, I'm your man for the job. I'm generally soft-spoken but driven by clear principles. I'm a twin, I've lived in five countries, I speak four languages fluently and two more embarrassingly. Also, being a father routinely develops my patience which is useful for moderating on StackExchange too. To learn more about me, see my Google+ profile.

Updated on September 17, 2022

Comments

  • AdrianM
    AdrianM almost 2 years

    I've read that SPF is a way to ensure that spam sent in my name is evidently fake, and I'd like to use that. How do I set up SPF? Or is it already in effect? I have two domains hosted on Dreamhost.com, and I use Google Apps to read mail on both domains (separately).

    I have used this tool to check if SPF is present for my domains. One domain has SPF, one doesn't.

    But it gets more complicated than that:

    A) The domain with SPF uses Dreamhost as MX. Mail accounts on this domain are set up to forward to specific Google Apps accounts.

    • Is my SPF ignored when sending mail from Google Apps?

    B) The domain without SPF uses Google as MX. I want to add SPF to this domain.

    • Can I add SPF under this domain's DNS records, or should this be done at Google (outside my control)?

    C) Further, the users are in several countries using several ISP's. Some don't use the Gmail web interface but rather a mail client (Thunderbird, Outlook). So it's really difficult to say which IP addresses are "ours". This goes for both domains.

    • What IP addresses can/should/must I (not?) specify in my SPF records?
  • AdrianM
    AdrianM almost 14 years
    Can I combine this with Chris' answer? So it would be v=spf1 a mx include:_spf.google.com -all?
  • Philip
    Philip almost 14 years
    @torbengb, Yes, the TXT record has to start with "v=spf1" and end with something like "-all" (there are others, but you probably want that one". The stuff in the middle can be lots of stuff, each white space separated. Putting "a" and "mx" and "include..." will specify a lot though; probably more than you want, but it will work.
  • Cry Havok
    Cry Havok over 11 years
    Don't use mx - not only is it not always right, but the overheads can be significant. Also, using a isn't always right either. The SPF mailing list can expand significantly on why your recommendations are all to often bad ones.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to define TXT SPF record with multiple senders
How to resolve SPF configuration to allow Google sending mails?
What does MX in SPF mean?
How to include multiple spf domains with different mechanisms in a single spf TXT Record
Are SPF needed for domains that do not send mails and do not have MX record?
Combining multiple SPF records - SenderID - kind of lost
Email forwarding and CNAME records
Dynamic IP and MX Record
Multiple SPF domains in SPF DNS record. To MX or not MX?
SPF Records - mechanism not recognized by this client. unknown mechanisms: