How To Create An SPF Record In Office
365, Gmail, And Custom Domains


Email spoofing and phishing represent significant threats that modern businesses frequently encounter. Cybercriminals often manipulate email headers to disguise their messages as if they originate from a legitimate source. To combat this issue, domain owners implement SPF records — these are a specific type of DNS TXT record that delineate which mail servers are permitted to send emails on behalf of their domain. In the absence of an SPF record, your emails run the risk of being flagged as spam or outright rejected by the recipient's email servers.

This guide provides a comprehensive, step-by-step approach to creating an SPF record for Office 365, Gmail (Google Workspace), and custom domains, ensuring robust email authentication and secure delivery of your messages.


What is an SPF Record?


An SPF record is a specific kind of DNS TXT record that informs incoming mail servers about the IP addresses and domains authorized to send emails on behalf of your domain. When set up correctly, it aids in avoiding domain impersonation, minimizes the chances of spam and phishing, enhances the likelihood of email delivery, and fosters trust among recipients.

To achieve optimal security, SPF is frequently used alongside DKIM (DomainKeys Identified Mail) and DMARC.



how-to-create-spf-record



How to Create an SPF Record in Office 365


  • Step 1: Access Your Domain Registrar: Start by logging into the platform where you manage your domain or DNS settings.

  • Step 2: Find the DNS Settings: Navigate to the section designated for DNS management or advanced DNS configurations.

  • Step 3: Input the SPF Record: For Microsoft 365, the suggested SPF record format is:

    • v=spf1 include:spf.protection.outlook.com -all

    • This configuration instructs mail servers to accept emails solely from Microsoft 365 servers.

  • Step 4: Save and Verify the Record: Once you’ve updated the DNS settings, give it some time to propagate (which may take up to 48 hours). You can check the effectiveness of your SPF record using online tools such as MXToolbox or a specific SPF checker. To discover more, just click on the link.


How to Create an SPF Record in Gmail (Google Workspace)


Organizations utilizing Gmail via Google Workspace must configure SPF records to authenticate their outgoing emails.

  • Step 1: Access DNS Settings: Begin by logging into your DNS provider’s interface and navigating to the DNS settings area.

  • Step 2: Input the SPF Record: The recommended SPF record for Gmail is as follows:

    v=spf1 include:_spf.google.com -all

    This setup permits Google’s mail servers to send messages on behalf of your domain.


  • Step 3: Save and Verify: After saving your changes, it’s important to verify the SPF record. You can do this by sending a test email to tools such as Google’s CheckMX or other SPF validation services to ensure everything is configured correctly.

    Optional: Incorporating Additional Email Sources

    If you're using external email platforms (like Mailchimp or Salesforce), you'll need to incorporate their SPF entries as well. For instance:

    v=spf1 include:_spf.google.com include:servers.mcsv.net -all



how-to-create-spf-record-1



How to Create an SPF Record for Custom Domains


  • Step 1: Identify All Email Sending Sources: Compile a comprehensive list of all the servers, platforms, and services that send emails on behalf of your domain. This could include:

    • Your personal mail server.

    • External services.

    • Web hosting services that offer email functions.

  • Step 2: Create the SPF Record: A standard SPF record appears as follows:

    v=spf1 ip4:192.0.2.10 include:spf.protection.outlook.com include:_spf.google.com -all

    Here’s a breakdown of each component:

    • ip4:192.0.2.10: Grants permission to a mail server with a designated IP address.

    • include:spf.protection.outlook.com: Grants access to Office 365 servers.

    • include:_spf.google.com: Grants permission for Google Workspace servers.

    • -all: Denies all unauthorized senders.

  • Step 3: Implement and Verify: Add the record to your DNS configuration and conduct thorough testing. Failing to include a sending source could result in legitimate emails being rejected.


Best Practices for SPF Records


  • Maintain Concise and Precise Records: Each SPF record string must be limited to 255 characters. If needed, utilize multiple strings.

  • Restrict DNS Queries: SPF has a cap of 10 DNS queries. Over-relying on external services can lead to errors, indicating “too many lookups.”

  • Integrate SPF with DKIM and DMARC: For optimal performance, SPF should be used alongside DKIM for cryptographic verification and DMARC for monitoring and enforcement.