Setting up Sender Policy Framework (SPF) records

Every now and again we hear from a customer that her domain is being blocked by spam filters, and this can be a very frustrating problem. When this happens you will normally get an email saying that an email could not be delivered because the IP address or domain is listed with some spam checking site.

IP addresses and domain names get black-listed for many reasons. All of our hosting packages, with the exception of Virtual Private Servers (VPS), will use a shared mail server, which means that other accounts running on the same server can have an effect on your domain getting listed as they share the same IP address. Sometimes servers will also get temporarily listed for no apparent reason.

When this happens, the first thing to do is request the IP or domain to be removed from the list. You will normally find a URL to the service listing your mail server and instructions on how to request the server to be removed. Other than this, what can we do to prevent this kind of problem from happening? This is where SPF records come in.

The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery, allowing receiving hosts to verify that emails are being sent from a server that is allowed by the domain owner.

To do this you will have to create a DNS record that receiving servers can check. If your domain is using our name servers this can be done from our domain manager at http://domains.enoi.se/. The credentials for the domain manager are the same as the ones used for the hosting control panel.

Once inside the domain manager click on the DNS Management icon and scroll down to the CREATE NEW TXT RECORDS heading.

Screenshot
Create new TXT record box.

SPF records are TXT records, so we will use text box to add the entry. Note that your domain may already have an SPF record, so instead of creating one you may want to modify the existing one as required. An example SPF record would look something like:

v=spf1 a mx a:mailforwards.extendcp.co.uk ~all

This record means:

v=spf1                        : SPF version 1
a                             : A records for domain are allowed
mx                            : MX records for domain are allowed
a:mailforwards.extendcp.co.uk : IP of specied domain is allowed
~all                          : Soft fail for every other server

If my site was sending email from my web server (a very common feature) I may want to want to specifically allow the web server’s ip address. To do this, I would change the record to:

v=spf1 a mx ip4:79.170.40.224 a:mailforwards.extendcp.co.uk ~all

Note that the different parts after the version info (called mechanisms) are tested in order. More info on the SPF Record Syntax here. You may also find this SPF record testing tools helpful.