Email Deliverability 101: SPF Records
An SPF record is vital to email sending. It is part of a multi-pronged approach by companies to set up sender authentication for their brand’s domain(s). Sender authentication means securing the domains you use to send emails by setting up proper and valid DNS records. Taking the steps to authenticate your sender domain is one of the primary ways you can best protect and secure your company’s brand and reputation when sending email.
These important DNS records show receiving email servers that you are authorized to send from your domain. This means that with your From Address and DNS records, you are proving that it’s really you/your company.
Best practices for JangoMail users and all email senders include setting up four email industry-standard DNS records that include an SPF record, DKIM record, CNAME record (for tracking), and DMARC record.
In this article, we discuss what you need to know about SPF records.
An SPF (Sender Policy Framework) record is an email authentication protocol that checks a message’s sending IP against the IPs listed in its SPF record. It protects your domain and your sending reputation. SPF specifies the mail servers/IP addresses that are allowed to send emails for your domain. Email authentication for your domain helps prevent spoofing and phishing.
How SPF works
When you send an email message, the receiving mail server will check the sending IP address. It will then check to see if the sending IP address is in the sending domain’s list of IP addresses in the domain’s SPF record. If the IP address is not listed, this results in an SPF fail.
SPF failure can happen for several reasons, including:
- IP address not listed
- Too many DNS lookups
- Multiple SPF records found for domain
- SPF record not formatted correctly
- Unable to resolve domain name
- No SPF record present
To avoid SPF failure, be sure to include all servers and applications that send mail for your domain.
In most cases, receiving mail servers will not deliver a message that fails the SPF check. The message will either be blocked, sent to spam, or accepted but not delivered. If you send emails without proper SPF, you can cause your sending IPs to get blacklisted.
How to create your SPF record
This is a TXT record that is published in your domain’s DNS hosting provider by someone that manages your domain, usually the IT department.
- Make a list of all email servers that send emails for your domain
- Begin the TXT entry with the SPF version tag: v=spf1
- Add all IP addresses that are authorized to send mail on your behalf (ex: ip4:220.127.116.11)
- Add third-party providers by using the include tag. To authorize JangoMail, you will add include:jangomail.com
- Add in your own servers. This is typically covered by adding “a” and “mx“
- Finish the record with the “all” mechanism at the very end. An ~all tag indicates a soft SPF fail while an -all tag indicates a hard SPF fail. In the eyes of the major mailbox providers ~all and -all will both result in SPF failure. JangoMail recommends an -all as it is the most secure record.
If you do not already have an SPF record, your new SPF record to authorize JangoMail should look like this:
v=spf1 include:jangomail.com a mx -all
If you already have an SPF record, then you simply need to edit your existing record and add “include:jangomail.com”. The newly edited record may look like this:
v=spf1 include:outlook.com include:jangomail.com a mx -all
To get a list of your sending domains, log into your JangoMail account and use the JangoMail Delivery Optimizer tool.
We hope this article has helped you understand how important an SPF record is for your email deliverability. It is one of the first things you should set up before you start sending emails and should be monitored regularly.
If you have any questions, contact the JangoMail Support Team. We would be happy to help review your SPF record and work with you to set it up properly!