Email Authentication Protocols

[Rajat K]

What is a SPF Record and How to Set It Up?

SPF (Sender Policy Framework) is an email authentication protocol that tells receiving email servers whether an email is sent from a trusted source authorized by the sender.

It is implemented by adding a TXT record to a domain's DNS records. The TXT record specifies which servers or IP addresses are allowed to send emails on behalf of your domain.

Think of SPF like a bouncer at a club - only the approved guests get in.

A Typical Example of an SPF Record

v=spf1 +mx +a include:spf.protection.outlook.com -all

v=spf1 +mx include:sendgrid.net ~all

Breaking Down the Elements for Clear Understanding

• v=spf1 indicates this is an SPF version 1 record (the current standard).
• +mx allows mail from the IP addresses of the domain’s MX servers.
  (These are the mail servers your domain uses to receive mail.)
• +a indicates allow mail from the domain’s A record IP address (usually the main IP of your website or server).
• include:spf.protection.outlook.com
  Allows emails from all Microsoft Outlook/Office 365 authorized servers.
• -all
  Means mail from any other servers not listed here should be rejected outright.
• ~all
  Means a soft fail, emails from servers not listed should be treated as suspicious, but not rejected outright.

In plain English, your domain is essentially saying: "Hey, these servers are allowed to send emails as me."

Tools to check for SPF records:

• MXToolbox
• PowerDMARC
• Mailtester

Got questions or want help setting up your SPF record? Drop a comment below, let’s make sure your emails always land where they should: the INBOX.