// Tutorial //
How To Create a SPF Record For Your Domain with Google Apps
About SPF Record
An SPF record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain. It is as easy to adding as MX or A records in your DNS zone.
Why It Is Important?
Today, nearly all abusive e-mail messages carry fake sender addresses. Spammers send email from their mail servers but with your ‘domain’ as the sending email. The victims whose addresses are being abused often suffer from the consequences, because their reputation gets diminished and they have to disclaim liability for the abuse or waste their time sorting out misdirected bounce messages.
The purpose of an SPF record is to prevent spammers from sending messages with forged ‘From Addresses’ at your domain. Recipients can refer to the SPF record to determine whether a message purporting to be from your domain comes from an authorized mail server.
Setting SPF Record
Before creating the SPF record for your domain, it is important to find out which server your domain is going to send emails. Perhaps you are planning to send email using Google Apps or from your own VPS. Consider all the mail server options available.
We will implement this with Google Apps for this tutorial. Here are the following instructions:
Login to your DigitalOcean account. Then open Networking and locate the DNS configuration. Open the desired domain configuration. Now, add a TXT type record.
Write @ at the Enter Name and at the Enter Text, add the following:
”v=spf1 include:_spf.google.com ~all”
Let's explore this little more:
- v=spf1 This sets the SPF version being used.
- mx The "mx" mechanism allows the domain's MXers to send mail
- include:_spf.google.com The "include" mechanism includes Google mail servers in our list of authorized sending servers
- ~all If mail is received from a server not previously listed, mark it as a 'soft fail' - this allows the mail to be scrutinized further.
At this point, your DNS configuration should look like this:
The "all" Mechanism
This mechanism always matches. It usually goes at the end of the SPF record.
Examples uses:
- "-all" : This means that any server not previously listed is not authorized - no questions asked.
- "+all" : The domain owner thinks that SPF is useless and/or doesn't care.
Create SPF Record for Your VPS
If you are using your own VPS to send email and not any other service like Google Apps, then you can create this as:
"v=spf1 mx -all"
This will allow domain's MXes to send mail for the domain while prohibiting all others. Alternatively, you can input:
"v=spf1 -all"
This command prevents all host from sending mail.
Thats all, You have done it.
To understand it deeply can explore OpenSPF.
Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.
Want to learn more? Join the DigitalOcean Community!
Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in our Questions & Answers section, find tutorials and tools that will help you grow as a developer and scale your project or business, and subscribe to topics of interest.
Sign up now
author
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Try DigitalOcean for free
Be very careful with using “v=spf1 mx -all” over “v=spf1 mx ~all”. The big boys (Google, Microsoft, et al) use the tilde over the deny-all dash for a very good reason.
If you don’t want your mail randomly dropped, use “v=spf1 mx ~all” instead.
@Ben: Yes. It has to be quoted otherwise it won’t work.
Just make sure you use straight quotes and not the curly ones that are in the post.
Should the value itself have quotes in it?
How long will it be valid nw… But I dnt it how it take it on it nah
FYI, they now appear to fully support not using quotes. This is going to be the safest route for most people since otherwise there is the risk of non-straight quotes being pasted in…often times quotes are automatically formatted in an email or website to use other varieties even if the author didn’t intend it.
Thanks. I was having issues with Gmail complaining that it couldn’t verify authenticity of sending domain. Setting the record to “v=spf1 mx -all” fixed this (after a few minutes delay).
“v=spf1 mx ~all” doesn’t work for me, my email still gets into the spam folder. What am I doing wrong? “v= +all” works
What if your website is sending mail from your server, ie, the article How To Install and Configure Postfix as a Send-Only SMTP Server on Ubuntu 14.04 But you are using myname@mydomain.com to reply and also send mail from google app?
Currently both sources are not spamming my email so do I even need to add a SPF record? If I am understanding correctly the SPF record is to prevent others from using myname@mydomain.com to spam people - correct?
@kamaln7 I think there is a small but annoying typo in this article. The record has ”v=spf1 include:_spf.google.com ~all” however, I think straight quotes are required “v=spf1 include:_spf.google.com ~all”