Just like how a fingerprint biometric or PIN code communicates to your phone that you’re the device owner, the Sender Policy Framework (SPF) also signals to the recipient server that you’re the rightful email sender.
SPF is a security measure that keeps your email domain and sender ID safe – a vital function if you’re an email marketer.
So, if you’re planning to set up an email server and you’re confused by SPF, then this guide is for you. The technical terms may seem intimidating at first but don’t worry. We will explain it thoroughly to you.
We’ll explore the syntax of SPF, how to set up an SPF record and provide examples of its configurations. Ready? Here we go.
Canva/ Melpomenem
What is SPF Syntax?
The SPF record syntax plays an essential role in email authentication by enabling companies to list legitimate sources allowed to send emails on their behalf from their domain.
So, if your email provider (for example, Gmail, Yahoo Mail, and Outlook) doesn’t have an SPF record, it’s easy for your emails to be considered unverified. The end result? Most spam filters will block your emails. This could lead to a lower open rate and may soon damage your sender’s reputation.
For this reason, every business with an online presence should use a valid SPF record.
Examples of SPF Record Syntax
An SPF record syntax comprises a version number, qualifiers, and modifiers. It is a TXT file stored on the Domain Name System. A DNS translates a hostname (e.g., www.example.com) into a language of numbers that a computer understands (e.g., an IP address).
Each mechanism contains a qualifier. Without an explicit qualifier, a pass (+) is assumed. Meaning the IP addresses pass the SPF.
An SPF Record Syntax can be best understood through an example like the one below:
Example 1: Allow a list of IP addresses to send email
v=spf1 ip4=192.0.2.0 ip4=192.0.2.1 include:examplesender.net -all
With this record alone, it already informs the receiving server how to handle non-compliant emails.
Let’s break down further each element of the SPF Record Syntax to understand how the SPF syntax does this:
- v=spf1 – This part of the DNS TXT record signifies to the recipient server that the text record is an SPF record. All SPF records should start like this.
- ip4=192.0.2.0 ip4=192.0.2.1– Indicates the IP addresses authorized to send emails for this domain.
- Include: examplesender.net – It shows third parties approved to send emails for the specified domain.
- -all – A command to the receiver server to reject all emails with domains or IP addresses not listed in the SPF record syntax.
Let’s look at another example to help you make sense of all mechanisms and modifiers.
Example 2: Allow only one mail server to send email
v=spf1 ip4:198.51.100.1 -all
This SPF record example only allows the mail server to have a 198.51.100.1 IP address. All other servers are treated as unauthorized.
Canva/ nathaphat
The SPF Mechanisms, Qualifiers, and Modifiers for Advanced SPF Syntax
SPF Mechanisms
These are all the elements in the SPF record, as mentioned earlier, that direct the receiving server to use protocols or check records when performing the SPF authentication.
These mechanisms include “a,” “ip4,” “ip6,” “mx,” “ptr,” “exists,” “include,” and “all.”
A DNS SPF record syntax always begins with the “v” element, indicating the SPF version used.
Diving Deeper Into The “MX” Mechanism
Since we haven’t discussed the mx mechanism earlier, let’s highlight it now.
It authorizes senders with matching IP addresses to that contained in the MX record. MX records comprise IP addresses with priority values for all servers designed to accept messages. All MX records are tested in order of MX priority.
SPF Qualifiers
These optional prefixes tell the receiving server what to consider if there’s a match in the value.
| + | Pass | Shows the IP address allowed to send. An SPF record is set to Pass by default. |
| – | Fail | The receiver mailbox accepts the message but is marked as suspicious, often landing in the spam folder. It shows the IP address NOT allowed to send, although in transition. |
| ~ | SoftFail | The receiver mailbox accepts the message but is marked as suspicious, often landing in the spam folder. It shows the IP address NOT allowed to send, although in transition. |
| ? | Neutral | This SPF record specifies explicitly that the email message neither passes nor fails the authentication. |
SPF Modifiers
These are optional in an SPF record and may be used once in one record.
- redirect – It points to another domain’s SPF record. The redirect modifier is used only when you use or control multiple domains but with the same SPF record data. If you don’t manage both domains, the modifier “include” is used.
- exp – This provides the explanation when a receiving server rejects the email.
Canva/ hakule
Why Should You Set an SPF Record?
Setting an SPF record stops phishing attacks. Since SPF authenticates your email, the receiving server sees when a fake email is from a malicious source and flags it.
Furthermore, implement an SPF signal to email providers that you want to prevent email-related cyberattacks. Thus, it boosts your current domain reputation.
How Do Mail Servers Check SPF Records?
Simple.
- Server 1, where the email comes from, has a unique IP address and a return path. The return path specifies where bounced emails land or tells the SMTP servers where to send bounced emails or non-delivery notifications.
The DNS setting of the sending domain contains all servers authorized to send emails. It can be configured using an SPF record.
- Server 2, which receives the email, checks which server sent the email.
It involves performing a DNS SPF Lookup, which verifies the sender’s identity and is considered a vital security method to differentiate between fraudulent and legitimate sources and prevent spoofing.
However, an SPF check has limitations. Exceeding the 10 DNS SPF Lookups limit will cause the receiving email system to reject the SPF validation. To learn more about it, read our post on SPF Limit: It’s Not as Difficult as You Think.
Now that you have a better understanding of what an SPF record is, the elements that make it work, and why you should build one, you are ready to make one for your own.
If you’re looking for an all-in-one email marketing tool for IP warm-up, authentication, and reputation management, try InboxAlly.
It’s a unique tool that teaches inbox providers, like Gmail, to learn that emails from your domain are important and valued by recipients. Thus, your emails are less likely to land in the spam folder.
Experience InboxAlly for yourself. Try a 10-day free trial.
Canva/ Getty Images Signature
How To Structure SPF Records
Building your SPF record prevents malicious persons from using your domain to send malicious (unauthorized) emails, a.k.a email spoofing.
Step 1. List Your Mail Servers and Their IP Addresses
The first step to creating an SPF record is to gather all mail servers you use when sending email from your domain. Consider if any of these servers are used when sending emails on behalf of your business:
- Web servers
- In-office mail servers (for example, Microsoft Exchange)
- your email service provider’s mail server
- The mail server used by your end users’ mailbox providers
- Other third-party mail servers are utilized to send emails for your brand.
Step 2. List Your Sending Domains
There’s a chance that your business owns many domains, but not all are used to send emails. For the second step in creating SPF records, it’s important to list all your sending domains.
Step 3. Create an SPF Record
Third, create your SPF record, starting with the v=spf1 (version 1) tag. Although you can create multiple SPF records, it may generate “SPF PermError,” harming your deliverability.
Observe the 255-character limit for the strings in SPF and TXT records. The next important step is to publish it.
If messages from your domain are still landing in the spam folder after adding the SPF record or you’re still experiencing issues verifying SPF, check out Google’s support page on Troubleshooting SPF issues.
Step 4. Publish Your New SPF Record to DNS
Now that you’ve structured your SPF records, the next step is to publish them to your DNS. Usually, DNS changes will be verified after 48 hours (time for DNS propagation).
Step 5. Test Your SPF Record
This is the last step to ensure your SPF record functions as you want. You may use an SPF check tool to use what your target recipients see.
Perform this test before sending a major email campaign. If you observe that one of your legitimate sending IP addresses is omitted, update your record during this step.
For an easy breakdown of email authentication protocols besides SPF, read our crash course on SPF, DKIM, and DMARC explained [Infographic].
Utilize SPF Syntax for Maximum Efficiency
Achieve the Optimal Setup for Email Security and Deliverability with InboxAlly
Thousands of users worldwide have used InboxAlly to help them achieve more with their email marketing campaign. Why? Because we are passionate about offering you real business solutions.
Here are three ways InboxAlly can help you improve your email deliverability and eventually grow your business.
- Ensure your emails reach your intended recipients
InboxAlly improves your reputation by engaging with your email sent to our “seed emails.” These email addresses are genuine and designed to create good email engagement.
They train inbox providers to prioritize the delivery of your future emails to the inboxes of your intended recipients.
Moreover, these engagement actions that seed emails perform include removing your emails from spam and putting them in the primary inbox, opening your emails, scrolling through (signifies reading) your emails, replying to emails, clicking links in the email, and marking emails as important.
If you want to audit and test the deliverability of your campaigns before availing of our service, we offer a free Email Spam Checker. Use it to determine your spam score and how to avoid the spam folder.
- Centralized platform for multiple clients and campaigns
Our platform can be used for various clients and campaigns. It lets you see the broadcasts you send through the dashboard, giving you growth opportunities.
You can even see email marketing strategies that are working and those that are not.
It can also be used with large email lists, and you can create multiple sender profiles to accommodate all your IPs and domains.
Currently, we support Gmail, G Suite, Yahoo, Outlook, and Hotmail. We are also working on providing future support for Outlook365, AOL, and other mailbox providers based on our clients’ needs.
- Talk to an email expert
We don’t want you to feel alone. We offer tutorials, documentation, and FAQ pages to assist you on your path to improved email deliverability. You can also contact our customer support to talk to an email expert.
This tool is for deliverability experts, cold emailers, email marketing agencies, email list owners, businesses new to mass email marketing and affiliate marketers. Find your use case here.
Canva/ fizkes
Final Words
We hope this guide has helped you better understand the SPF syntax record and how to set it up.
Overall, SPF is a crucial part of your DNS record and email marketing campaign’s strategy. An SPF-protected domain ensures the delivery of legitimate emails, and such a domain is less appealing to fraudsters. It will keep your business off an email blacklist.
Another key takeaway is setting up SPF records for your sending domain to boost your emails’ credibility.
Lastly, pair your SPF with DMARC and DKIM to increase protection against phishing attacks and spoofing using your legitimate business names.
Interested in learning how InboxAlly helps marketers improve their email security and deliverability?