Skip to main content
Sign in Go to

SPF records

  • Updated

 

As the Internet becomes a more dangerous place, more and more organizations are increasing security.  One way to increase the security of emails is to add a so-called DNS SPF record.  Google and other  mail providers are increasingly requiring valid SPF records for Domains and this is a good thing.

 

Using SPF, Mail servers can check to make sure that the email is actually coming from a validated host or IP address.  This can prevent spam, protect your reputation, and also mitigate getting placed on spam-lists.

Most, (but not all) mail-servers respect SPF records.


The SPF record goes in DNS for your domain as a TXT record and could look a bit the example one below. This allows the email servers in the MX records, as well as those nominated by Enlighten to originate email for your domain.  If you do not yet have an SPF record, we strongly recommend you adopt this default.  Change the "~" to a "-" if you'd like to request mail servers to "stop reject", rather than just "soft-fail" on SPF non-validation.

@ TXT 3600   “ v=spf1 mx include:_spf.enlightenhosting.com ~all ”

The example above would request to allow mail from the server the domain A record points to, our mail servers, and any server in the domain's MX record as well as any host with a suffix of the domain name (checked using reverse DNS, or PTR records) and deny any other host.

If you are making bulk-sendouts using a third party, or have an internet application (web site?) that sends email and does not send via our mail server, obviously you'd need to put their originating server details in the SPF record too.

You can check if you already have an SPF record by clicking here:
http://mxtoolbox.com/spf.aspx

 

Also read this about SPF records and Gmail addresses.

----

Important: Starting November 2022, new senders who send email to personal Gmail accounts must set up either SPF or DKIM. Google performs random checks on new sender messages to personal Gmail accounts to verify they’re authenticated. Messages without at least one of these authentication methods will be rejected or marked as spam. This requirement doesn’t apply to you if you’re an existing sender. However, we recommend you always set up SPF and DKIM to protect your organization’s email and to support future authentication requirements.

-----


We would be happy to assist you further in setting up an appropriate SPF record for your domain.  If the domain (nameservers) and the email service is with us, we can do it all for you, just ask!

 

Comments

0 comments

Please sign in to leave a comment.