Have you sent emails to your customers and received no response? It is likely because your emails are bound to your recipients’ spam or junk folder. One of the reasons could be that your SPF record is improper or you do not have one.
SPF stands for Sender Policy Framework record, a DNS (Domain Name Service) entry inside your domain record. SPF tells the people outside your organization that you are allowed to send emails from a specific IP address.
Read on to learn more about SPF records, how to set them up on your domain, why you need them, etc.
What is SPF Record?
It is the first thing receiving servers look at to check whether the emails sent by your domain are spam or not and decides whether it goes spam or junk mail.
Your SPF record defines which mail servers are authorized to send mail on behalf of your organization’s email domain. It is a method of email authentication to stop spammers from sending emails on behalf of your organization that is not authorized. Your organization can publish approved mail servers using SPF for the recipient server’s validation.
It is simply the key to checking if the email is from your domain name from an authorized server. If yes, it passes the spam filter to the receivers’ inbox. If not, then it goes to spam or junk mail.
How Does SPF Work?
The first step is to publish an SPF record. It should be a DNS TXT record from your external DNS server. If you don’t have your DNS (Domain Name Service) server, you can create one with a third-party DNS provider like GoDaddy or Cloudflare.
It is how SPF works; when an email is composed and sent out from your domain, the receiving server receives the email.
When the receiving server receives the email, it will go back to your organization’s DNS server and query your DNS for the SPF record of the sending domain to verify if it comes from an authorized sending server or IP address.
When recipient servers examine the SPF record, if it does not match what is in your DNS, the emails will be rejected and sent to spam instead of the inbox.
The SPF has to be enabled; if the email receiving servers can verify that the server that sent the email from your domain was in the authorized list from your DNS, your email will go to the inbox; if not, then spam it is.
That is how SPF works; you pass if your sending IP is on the list and there is a correct SPF record. You fail the SPF check and could either be rejected or sent to the spam folder if the IP is not on the list.
It depends on the receiving server if the email will pass and go to the inbox or get rejected and go straight to spam.
Example of SPF Record DNS TXT and What They Mean.
Basic Format : <domain>. IN TXT “v=spf1 mx ∼all”
Complex Format : <domain>. IN TXT “v=spf1 mx a:<additional mail servers> include:<3rd party domain> ip4:<IP address/range> ∼all”
- “v=spf 1” – Defines what version of SPF you use.
- “mx” – This tag shows what mail servers are allowed for your domain, mainly your internal mail servers.
- “a:<domain>” – Systems that do not go to the mx.
- “include:<external domain>” – Your organization’s trusted third-party external domains like MailChimp, etc.
- “-all” – Only your domain’s email servers and the ones listed in a and include can send emails on your behalf; the rest is not allowed.
- “∼all” – Only your domain’s email servers and the ones listed in a and include can send emails on your behalf; the rest is not allowed. But a process or change is happening; otherwise, the rest is not allowed. It is one of the best to use for your SPF.
- “+all” – This means that any host can send mail on behalf of your organization. You should never use this because you do not want just anyone sending emails on behalf of your organization.
Why is SPF Record Important?
If you do not have an SPF record published, all emails from your domain sent by servers will go to spam or junk mail. The same happens if you have SPF, but the server indicated is not listed in the authorized section. It will be the same if you have an SPF record and do not implement it.
Email service providers typically require an SPF record. Your emails will probably wind up in the “Spam” category if the program doesn’t find an SPF record. The same thing will occur if the SPF Record is present. The IP address sent the message is not on the permitted list.
If you want your emails to be right in the inbox, SPF helps your emails pass the spam filter.
Those emails you get in your spam or junk are the types of emails that do not have SPF. Sometimes, they had an SPF but did not pass the verifying test from the email receiving servers.
How to Set Up Your SPF Correctly?
You can do it in just three easy steps!
- Go to your website DNS provider.
- Go to website DNS settings.
- Manage your DNS TXT entry by entering your SPF.
- Enter a TXT record such as “v=spf1 include:spf.google.com ∼all” or “v=spf1 include:spf.pprotection.outlook.com ∼all”
- Save all the changes.
There are two most commonly used email servers which are Google and Outlook. So, for example, you use them.
You should enter these on the TXT tab to manage your DNS records and put them on a TXT SPF entry.
Google – v=spf1 include:spf.google.com ∼all
Outlook – v=spf1 include:spf.pprotection.outlook.com ∼all
Just in case you use a different provider to send emails, for example, it’s MailChimp. Do not forget to enter it so the emails will flow properly.
Thus, it should look like this in the tab:
Outlook and MailChimp – v=spf1 include:spf.pprotection.outlook.com include:servers.mcsv.net ∼all
Just insert the “servers.mcsv.net” after the first server “include.”
The last step is to click on the save to save all the changes you made.
After this, every email from MailChimp and Outlook will authenticate to your domain. Those emails have a high chance of passing the spam or junk filter.
Your emails are bound to go to the recipient’s inbox, not spam or junk mail.
What is the Difference Between SPF, DKIM, and DMARC?
SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-Based Message Authentication Reporting and Conformance) all help stop email spoofing and spamming. However, they have different specialties.
Using SPF records helps email receiving servers specify which IP addresses are permitted to send mail on behalf of a specific domain. On the other hand, the encryption key and digital signature provided by DKIM will confirm if an email message is legitimate and is still the same along transmission. This process also ensures that Intruders did not change the email sent to the intended recipient. DKIM will verify using the digital signature if the email body or headers have changed or not, much like a seal on a pharmaceutical container.
In contrast, SPF and DKIM are compatible with DMARC. SPF and DKIM records must be published for that specific domain before you may enable DMARC on your parts. DMARC employs SPF and DKIM and gives recipient email servers instructions on what to do if they receive unauthenticated messages. Thus, receiving email servers can decide how to handle emails from your domain that do not pass SPF and DKIM verification. It always depends on the DMARC record.
SPF works more on validating outbound emails sent from your domain. DKIM works on ensuring that there are no alterations performed in your email during transmission. DMARC is the final step where the domain owner indicates what the recipient server must do as an action if the email fails either or both SPF and DKIM.