Are you the youngest person in the office, and as such, you’re the de facto IT Director? Did you nod enthusiastically when your CFO asked if you could set up a new business email service for your company, only to be met with a much more involved process than you were expecting?
In this blog, you’ll get the 101 explanation of what an SPF record is, why they’re important, and what you need to do to implement them for your business email provider. After reading, you’ll be ready to implement your own SPF record for your office’s email service.
WHAT IS AN SPF RECORD?
A Sender Policy Framework record is unique to your company, and is used to verify IP addresses associated with your company’s email domain.
Without an SPF record, there’s no way for an email to prove that it was actually sent from an IP address that belongs to that domain — and so, if your email provider doesn’t have an SPF record, your emails may be considered unverified, and may be blocked by most spam filters.
It’s for precisely this reason that virtually every business makes use of an SPF record.
Having an SPF record in place does more than simply get your emails around spam filters — it prevents email clients from displaying warning messages about potential phishing scams when a user attempts to open one of your organization’s emails, and as such, dissuades bad actors from spoofing your domain name for their own phishing emails.
All in all, an SPF record is imperative for any business today.
WHAT DOES AN SPF RECORD LOOK LIKE?
An SPF record is simply a TXT record that includes your domain name, and all IP addresses associated with that domain, and that have permission to send emails using your domain name.
When you send an email from a domain with an SPF record, the email server that receives the email will read the TXT record, and cross-reference the sender’s IP address against the IP addresses listed in the SPF record. If it doesn’t match, the email will fail, and most likely be directed to their spam inbox.
A simple SPF record could look like this:
v=spf1 ip4:126.96.36.199 ip6:2a05:d018:e3:8c00:bb71:dea8:8b83:851e include:authorized-domain.com -all
Here’s what all that means:
- v=spf1 - This is the identifier for the SPF record. Email clients will read this portion to determine which SPF record they are interacting with.
- ip4 / ip6 - This is the portion of the SPF record that lists all associated IP addresses. If you need to list multiple IP addresses, you can simply separate them with a space.
- include - The domain listed after “include:” is the domain your organization owns, and lets the receiving email client know that the IP address that sent the email is authorized to send emails on the listed domain’s behalf.
- -all - This last section of the SPF record details what a receiving email client should do if the IP address does not match up. For the case of “-all,” the email will fail. If set to “~all,” the email will “soft fail,” meaning it could still show up in the recipient’s inbox, but with a warning message of potential spam, and “+all” results in the email going through regardless of whether or not the IP addresses match. (“+all” is considered as not secure, and should not be used by most organizations.)
HOW TO CREATE AN SPF RECORD
Now that you know what an SPF record is, and the components that make it work, it’s time to make your own!
Step one: head on over to your DNS host. This is often the service you used to purchase your domain name, and hosts your organization’s website. Even if you built your website using a service like SquareSpace, Wix, or HubSpot, you’ll still need to do this through your actual DNS hosting provider. Sometimes, this would be something like GoDaddy or name.com.
Once you’ve accessed your DNS provider, you’ll need to head to your dashboard. Here, there will be an option to create an SPF record. To do so, go to the field where you can select which type of record to create. Your usual options will be “A Record,” “CNAME Record,” “MX Record,” and finally, “TXT Record.”
Choose TXT, and then begin creating your SPF record using the components listed above. If you’re wondering if you’re doing this correctly, your email provider will usually provide you with a string of text to copy and paste into the field you use to create your SPF Record. This can usually be found where your DNS information is kept.
After filling in the fields, make sure to save your changes. Adding an SPF Record can take up to 48 hours to enact, so don’t plan on being ready to go immediately after creating your SPF Record.
SPF RECORDS KEEP YOU SECURE, AND PROTECT YOUR BRAND
SPF Records are important because they help protect email recipients from spam and phishing emails, and protect your organization from being spoofed or used as a trojan horse by bad actors.
We hope this blog has helped ease your worries about setting one up. If you have any questions about SPF records, email security, or IT in general, contact us here!