Common SPF Record Examples And How To Customize Them For Your Domain


The Sender Policy Framework (SPF) is a protocol used for authenticating emails to combat the issue of email spoofing. This system enables domain owners to identify which mail servers are authorized to send emails for their domain. Accurately setting up an SPF record is vital for maintaining both the security and deliverability of emails.

By appropriately configuring and personalizing SPF records, you can bolster your email security and increase the likelihood that your legitimate messages will be acknowledged and accepted by the mail servers of recipients. In this guide, we will examine typical examples of SPF records and provide guidance on how to tailor them for your specific domain.






Understanding SPF Records


An SPF record is a TXT record in your domain's DNS configuration that indicates which mail servers are permitted to send emails on behalf of your domain. Generally, an SPF record includes the following elements:

  • v=spf1: Indicates the SPF version in use.

  • ip4 & ip6: Lists the permitted IPv4 and IPv6 addresses.

  • include: Grants permission to external email service providers.

  • all: Specifies the action for handling unapproved mail sources (-all, ~all, +all, ?all).

Common SPF Record Examples


1. Basic SPF Record for a Single Mail Server

If your domain sends through a single mail server with a known IP address, your SPF record could be formatted as follows:

v=spf1 ip4:192.168.1.1 -all

This configuration permits only the listed IP address (192.168.1.1) to send emails for your domain and rejects all other sources.


2. SPF Record for Multiple Mail Servers

If you have several mail servers, you can specify their IP addresses like this:

v=spf1 ip4:192.168.1.1 ip4:192.168.1.2 -all

This configuration authorizes both servers to send emails.


3. SPF Record for Third-Party Email Providers

Many companies use external platforms such as Google Workspace or Microsoft 365 for their email. To authorize them, use the include mechanism as follows:

  • For Google Workspace: v=spf1 include:_spf.google.com -all

  • For Microsoft 365: v=spf1 include:spf.protection.outlook.com -all

This configuration allows these services to send emails using your domain.


4. SPF Record with Both Internal and External Mail Servers

When you operate an internal mail server alongside an external service such as Google, your SPF record could be formatted as follows:

v=spf1 ip4:192.168.1.1 include:_spf.google.com -all

This setup allows both your own mail server and Google's servers to send emails.


5. SPF Record for Subdomains

When subdomains send emails, each one needs its own SPF record:

subdomain.example.com TXT "v=spf1 ip4:192.168.2.1 -all"

This guarantees that only the specified server associated with the subdomain is authorized to send emails.






How to Customize SPF Records for Your Domain


1. Identify Your Mail Servers

List every server that is permitted to send emails using your domain, including web servers, dedicated email servers, and external service providers.


2. Use the Appropriate Mechanisms

  • ip4 and ip6: Use these to list permitted IP addresses.

  • include: Use this to grant sending permission to trusted third-party providers.

  • all: Select from -all (fail), ~all (soft fail), +all (permit all), or ?all (neutral).

3. Keep SPF Records Under the 10-Lookup Limit

SPF records have a limit of 10 DNS queries. Going beyond this limit may lead to issues with authentication. To stay within it, use IP ranges and merge includes whenever feasible.
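
The lookup limit can be checked before a record is published. The following Python is an added example, not code from the original page: it follows include and redirect targets and counts the terms that cost a DNS lookup (include, a, mx, ptr, exists and redirect, per RFC 7208), and it also flags a top-level +all or ?all. The ZONE data and the vendor names are constructed stand-ins for live TXT lookups.

```python
import re
# Terms that cost one DNS lookup each during SPF evaluation (RFC 7208, section 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
TERM = re.compile(r"^([+\-~?]?)([a-z0-9]+)(?:[:=]([^/\s]+))?(/.*)?$", re.I)

# Constructed sample data standing in for live TXT lookups; vendor names are hypothetical.
ZONE = {
    "example.com": "v=spf1 ip4:192.168.1.1 mx include:_spf.vendor-a.example "
                   "include:_spf.vendor-b.example -all",
    "_spf.vendor-a.example": "v=spf1 include:_n1.vendor-a.example "
                             "include:_n2.vendor-a.example include:_n3.vendor-a.example ~all",
    "_spf.vendor-b.example": "v=spf1 a mx include:_n1.vendor-b.example "
                             "include:_n2.vendor-b.example include:_n3.vendor-b.example ~all",
}
for vendor in "ab":
    for n in "123":
        ZONE[f"_n{n}.vendor-{vendor}.example"] = "v=spf1 ip4:198.51.100.0/24 ~all"

def audit(domain, zone, limit=10):
    """Return (lookup_count, warnings) for the SPF record of `domain` in `zone`."""
    lookups, warnings = 0, []
    def walk(name, path):
        nonlocal lookups
        record = zone.get(name, "")
        if not record.lower().startswith("v=spf1"):
            warnings.append(f"{name}: no SPF record found")
            return
        for term in record.split()[1:]:
            m = TERM.match(term)
            if not m:
                warnings.append(f"{name}: unparseable term {term!r}")
                continue
            qual, mech, value = m.group(1) or "+", m.group(2).lower(), m.group(3)
            if mech in LOOKUP_TERMS:
                lookups += 1  # nested lookups count toward the same total
            if mech in ("include", "redirect") and value:
                if value in path:
                    warnings.append(f"{name}: loop via {value}")
                else:
                    walk(value, path + (value,))
            if mech == "all" and name == domain and qual in "+?":
                warnings.append(f"{name}: '{qual}all' does not reject unlisted senders")
    walk(domain, (domain,))
    if lookups > limit:
        warnings.append(f"{domain}: {lookups} DNS lookups exceeds the limit of {limit}")
    return lookups, warnings
```

Running audit("example.com", ZONE) on the sample data shows how two vendor includes that each nest further includes push a short-looking record past the limit.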


4. Test Your SPF Record

Use web-based SPF validation tools such as:

  • MXToolbox (https://mxtoolbox.com)

  • Kitterman SPF Tester (http://www.kitterman.com/spf/validate.html)

These resources help identify any mistakes and verify that your SPF record is set up properly.

5. Monitor and Update Regularly

It's important to keep an eye on SPF records whenever mail server setups change. Make it a habit to periodically check and update these records so they align with your current mail server configurations and continue to safeguard your email communications.