Sender Policy Framework (SPF) prevents phishing and spoofing attacks by enabling domain owners to specify which IP addresses or servers they trust. These authorized IP addresses are listed in SPF TXT records. This blog explains how to create an SPF TXT record for your domain.
What are SPF Records?
SPF records are TXT records that list all the email servers or IP addresses that domain owners allow to send email for their domain. Emails sent from IP addresses outside of the list are either marked as spam (SPF softfail) or rejected outright before reaching recipients’ mailboxes (SPF hardfail).
Here’s an SPF TXT record example:
v=spf1 ip4:184.108.40.206 ip4:220.127.116.11 include:examplesender.email -all
A correctly set up and configured SPF TXT record for your domain ensures email security, improves email deliverability, and helps you deploy the DMARC protocol.
Now, let’s check out the 4 steps to create an SPF TXT record online.
How to Create Your SPF Record?
Starting your SPF journey protects your brand reputation and shields your customers and prospects from the traps set by threat actors. The first step is to know how to create SPF TXT records.
STEP 1: CREATE A LIST OF AUTHORIZED AND TRUSTED IP ADDRESSES
Draft a complete list of the IP addresses and servers allowed to send emails on behalf of your domain. Also list any third-party vendors permitted to send emails from your domain.
Remember that if your company sends emails from multiple domains, you’ll have to create an SPF record for each of them.
STEP 2: GENERATE YOUR SPF RECORD
- Start with v=spf1, which specifies the version number.
- v=spf1 has to be followed by all the IP addresses gathered in the first step.
- Next, use an include tag for each third-party vendor that sends emails for your domain.
- Lastly, end your record with an ~all or -all tag, where:
  - the ~all tag (Softfail) instructs recipients’ servers to accept emails failing authentication checks but mark them as spam.
  - the -all tag (Hardfail) instructs recipients’ servers to reject emails failing authentication checks outright.
STEP 3: PUBLISH THE GENERATED SPF RECORD ON YOUR DNS
Once you’ve learned how to create an SPF TXT record and generated one for your domain, it’s time to publish it on your DNS. This is a DNS manager’s job: it can be an internal role in your company, or you can ask your DNS provider to do it for you. If your DNS provider offers a dashboard you can access, you can also add the SPF TXT record on your own.
How to Access Your DNS Manager?
- Log in to your domain account.
- Find an option/page to update the domain’s DNS records. It’ll read something like ‘DNS management’ or ‘name server management’.
- Choose the domain you want to add the SPF record for and open the DNS manager.
- Create a new TXT record in the TXT section and set the host field to your domain name.
- Copy and paste your SPF record values.
- Specify the Time To Live (TTL): enter 3600 or leave the default.
- Click on ‘add record,’ and you’re done.
It may take up to 48 hours for the change to take effect.
STEP 4: TEST YOUR SPF RECORD
Use an SPF record checker, an online diagnostic tool that examines your record for syntax errors and other configuration problems.
A correctly configured SPF record doesn’t exceed the limit of 10 DNS lookups. However, if you’re struggling to stay within the limit, try our automatic SPF flattening services.
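The checks from Step 4 can also be run locally before publishing. The sketch below is an added example, not a tool from this blog: it lints a record string offline for the version tag, mechanism syntax, a terminal all, and the number of lookup terms. The sample records and the vendor domain are constructed, and the count covers only the record itself, since lookups made inside included records need live DNS to resolve.

```python
import ipaddress
import re

# Terms that each cost one DNS lookup toward the limit of 10 (RFC 7208).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
TERM_RE = re.compile(r"^[+\-~?]?([a-z0-9]+)(?:([:=/])(.*))?$", re.I)

# Constructed sample records (documentation IP ranges, hypothetical vendor domain).
GOOD = "v=spf1 ip4:192.0.2.10 ip4:198.51.100.0/24 include:_spf.vendor.example -all"
BAD = "v=spf1 ip4=192.0.2.10 include:_spf.vendor.example"


def lint_spf(record):
    """Return (problems, lookup_count) for one SPF TXT record string."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record must start with v=spf1"], 0
    problems, lookups, terminated = [], 0, False
    for pos, term in enumerate(terms[1:], start=2):
        m = TERM_RE.match(term)
        if not m:
            problems.append(f"{term}: unparseable term")
            continue
        name, sep, value = m.group(1).lower(), m.group(2), m.group(3)
        lookups += name in LOOKUP_TERMS
        terminated |= name in ("all", "redirect")
        if name in MECHANISMS and sep == "=":
            problems.append(f"{term}: mechanisms take ':' not '='")
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value or "", strict=False)
                if net.version != int(name[2]):
                    problems.append(f"{term}: wrong address family")
            except ValueError:
                problems.append(f"{term}: invalid address or prefix")
        elif name == "include" and not value:
            problems.append(f"{term}: include needs a domain")
        elif name == "all" and pos != len(terms):
            problems.append(f"{term}: terms after 'all' are never evaluated")
        elif name not in MECHANISMS and sep != "=":
            problems.append(f"{term}: unknown mechanism")
    if not terminated:
        problems.append("record has no terminal ~all or -all")
    if lookups > 10:
        problems.append(f"{lookups} lookup terms exceed the limit of 10")
    return problems, lookups


if __name__ == "__main__":
    for rec in (GOOD, BAD):
        print(rec, "->", lint_spf(rec))
```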
To create an SPF record for your domain, start by gathering all authorized IP addresses and generate a record using the above instructions. Then ask your DNS manager or DNS provider to add the record to your DNS. Lastly, run it through an SPF record checker to ensure it’s error-free.