An SPF record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain. It is as easy to adding as MX or A records in your DNS zone.
Today, nearly all abusive e-mail messages carry fake sender addresses. Spammers send email from their mail servers but with your ‘domain’ as the sending email. The victims whose addresses are being abused often suffer from the consequences, because their reputation gets diminished and they have to disclaim liability for the abuse or waste their time sorting out misdirected bounce messages.
The purpose of an SPF record is to prevent spammers from sending messages with forged ‘From Addresses’ at your domain. Recipients can refer to the SPF record to determine whether a message purporting to be from your domain comes from an authorized mail server.
Before creating the SPF record for your domain, it is important to find out which server your domain is going to send emails. Perhaps you are planning to send email using Google Apps or from your own VPS. Consider all the mail server options available.
We will implement this with Google Apps for this tutorial. Here are the following instructions:
Login to your DigitalOcean account. Then open Networking and locate the DNS configuration. Open the desired domain configuration. Now, add a TXT type record.
Write @ at the Enter Name and at the Enter Text, add the following:
”v=spf1 include:_spf.google.com ~all”
Let's explore this little more:
At this point, your DNS configuration should look like this:
This mechanism always matches. It usually goes at the end of the SPF record.
If you are using your own VPS to send email and not any other service like Google Apps, then you can create this as:
"v=spf1 mx -all"
This will allow domain's MXes to send mail for the domain while prohibiting all others. Alternatively, you can input:
This command prevents all host from sending mail.
Thats all, You have done it.
To understand it deeply can explore OpenSPF.
Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.
Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in our Questions & Answers section, find tutorials and tools that will help you grow as a developer and scale your project or business, and subscribe to topics of interest.Sign up now
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Be very careful with using “v=spf1 mx -all” over “v=spf1 mx ~all”. The big boys (Google, Microsoft, et al) use the tilde over the deny-all dash for a very good reason.
If you don’t want your mail randomly dropped, use “v=spf1 mx ~all” instead.
@Ben: Yes. It has to be quoted otherwise it won’t work.
Just make sure you use straight quotes and not the curly ones that are in the post.
Should the value itself have quotes in it?
How long will it be valid nw… But I dnt it how it take it on it nah
FYI, they now appear to fully support not using quotes. This is going to be the safest route for most people since otherwise there is the risk of non-straight quotes being pasted in…often times quotes are automatically formatted in an email or website to use other varieties even if the author didn’t intend it.
Thanks. I was having issues with Gmail complaining that it couldn’t verify authenticity of sending domain. Setting the record to “v=spf1 mx -all” fixed this (after a few minutes delay).
“v=spf1 mx ~all” doesn’t work for me, my email still gets into the spam folder. What am I doing wrong? “v= +all” works
What if your website is sending mail from your server, ie, the article How To Install and Configure Postfix as a Send-Only SMTP Server on Ubuntu 14.04 But you are using email@example.com to reply and also send mail from google app?
Currently both sources are not spamming my email so do I even need to add a SPF record? If I am understanding correctly the SPF record is to prevent others from using firstname.lastname@example.org to spam people - correct?
@kamaln7 I think there is a small but annoying typo in this article. The record has ”v=spf1 include:_spf.google.com ~all” however, I think straight quotes are required “v=spf1 include:_spf.google.com ~all”