Need some help in setting up a SPF record

April 5, 2013 13.7k views
I have setup a SPF record like this: Name - @ Text - "v=spf1 a -all" But if I do a test using the first SPF Record Testing Tool here:, this is what I get: " SPF record lookup and validation for: SPF records are primarily published in DNS as TXT records. The TXT records found for your domain are: v=spf1a-all SPF records should also be published in DNS as type SPF records. No type SPF records found. Checking to see if there is a valid SPF record. No valid SPF record found of either type TXT or type SPF. "
1 comment
5 Answers

When setting up SPF records you should either authorize it from a specific IP or domain name.

For a specific IP address, from which you will be sending emails, add the following TXT type DNS record:

"v=spf1 ip4:IP_ADDRESS -all"

Make sure to replace IP_ADDRESS with your droplet's value from where you will be sending emails.

If you would also like to send emails from Google's mailservers (if you are using Google Apps for example):

"v=spf1 -all"

So putting it all together, if you are sending emails from your webserver and also using Google Apps mailservers:

"v=spf1 ip4:IP_ADDRESS -all"

For Google mail, this official Google help doc suggests using ~all instead of -all:
I forgot to add the quotes around the SPF. The Kitterman tool showed an invalid SPF with all the spaces removed. As mentioned above, this was due to not having double quotes around the TXT value.

I added one set of double quotes surrounding the entire SPF value, as shown above, and hit enter to save the changes in the DO DNS editor.

A dig command returned quotes around every string, which is clearly not how it looks in the DO DNS admin, and not how I'd added it.

"v=spf1" "ip4:" "a"

Had to delete the TXT record and re-add it in the correct quoted format for the DNS and then wait about 15 minutes.

This may be a bug in the DO DNS editing interface trying to be smart and auto quote TXT values, but going crazy and quoting every string independently.
You can add a dmarc record, for this to work properly, specifying the action to take on an spf fail and send you a daily report email.
Just a note to others, the "text" field for DNS needs the quotes around the value, otherwise it will not keep the spaces and merges it into an unusable record.

So keep the quotes around it when you put it into a TXT record.
Have another answer? Share your knowledge.