Email SPF Records


Revision as of 15:04, 28 April 2023 by Wikiadmin (talk | contribs)

What is a SPF record

An SPF (Sender Policy Framework) record is a type of TXT record in your domains DNS configuration. The TXT record specifies a list of authorized hostnames/IP addresses that mail can originate from for a given domain name. Once this entry is placed within the DNS zone (records), no further configuration is necessary to take advantage of servers that incorporate SPF checking into their anti-spam systems. This SPF record is added the same way as a regular A, MX, or CNAME record.

If you host email for your domain at Bravenet the SPF TXT record would be:

Name:      example.com
Value:     v=spf1 include:spf1.bravehost.com ~all
TTL        3600 or one hour

Please substitute example.com for your own domain name. If you see a MX record of the form mail1.bravehost.com you are likely hosting your email at Bravenet.

Why is a SPF record important

Adding an SPF record can help detect and prevent spammers from sending email messages with forged From addresses on your domain. Spamming with a fake reply-to address is called "spoofing." Since the email appears to be coming from your server, complaints and bounce backs from the spam will often be redirected to your server, rather than the actual spammer. You may also receive some of the original spam - spam that appears to be coming from you. Adding the SPF record to your zone file is one of the best ways to stop spammers from using this technique with your domain. An SPF record will remove a high quantity of bounce backs that you are receiving because other providers will reject the email immediately, without sending a bounce-back to the spoofed reply-to address.

Recently, some email providers who you may want to send email to have started outright rejecting email or sending the email to their Spam folders if the SPF record for your domain does not exist or is incorrect.

Configuring an SPF TXT Record

When configuring a SPF TXT record it is important to identify and define where your domains DNS is hosted (name servers), where the email is hosted (MX records) and what the SPF TXT record is related to those parameters. To determine where your email and DNS are hosted please see the troubleshooting section at the bottom of this article.

Configuration 1 Email and DNS hosted at Bravenet

If you want to host your email at Bravenet and your nameservers are configured for Bravenet nameservers you would add the following TXT record at Bravenet:

1. Login to your Bravenet account
2. Click on the "Domains" tab
3. Click on the domain you wish to manage
4. Scroll down to "TXT" Records and click "Add TXT Record"

subdomain: <Leave this field blank>
Host Name: example.com
value:     v=spf1 include:spf1.bravehost.com ~all
TTL:       Default (1 Hour)


5. Click Create Record

Configuration 2) Email hosted at Bravenet and DNS hosted at a Third Party Host

If you want to host your email at Bravenet and your nameservers are configured for Third Party nameservers you would add the following SPF record at your third party DNS host:

Add TXT Record

name:    example.com
value:   v=spf1 include:spf1.bravehost.com ~all
TTL      3600 or one hour

Please consult your Third Party Host documentation on how to add a SPF TXT record for your domain

Configuration 3) Email hosted at Third Party Host and DNS hosted at Bravenet

If you want to host your email at a Third Party Host and your nameservers are configured for Bravenet use the steps in Configuration 1 of this article but change the 'value' in step 4 to the SPF value provided by your Third Party Host.

Note this also assumes you have set your third party MX records correctly at Bravenet.

Configuration 4) Email and DNS hosted at Third Party Host

If you want to host your email at a Third Party Host and your nameservers are configured for a Third Party Host use the steps in Configuration 2 of this article but change the 'value' to the SPF value provided by your Third Party Host.

Configuration 5) Multiple Host SPF record

You are able to define multiple email host platforms in a single SPF record. Please be aware that merging the multiple records into one SPF TXT record is the correct way of adding multiple email hosts to a SPF record. Defining more than one SPF TXT record for your domain will result in unexpected results and is not recommended.

For example, if you want to use a Third Party Email Host and employ the services of Bravenet's Mailing List services that will be two different email server SPF records you would need to merge together. From a high level standpoint you would use the current SPF TXT record from your third party email provider and add Bravenet's SPF TXT record to it. You are essentially authorizing two different email server sources to send email for you domain. You would still employ either of the methods above (Configuration 1 or 2) to add the record.

Say for example you used Microsoft Office 365 as an email provider, you would have a SPF TXT record value that looked like the following:

v=spf1 include:spf.protection.outlook.com ~all

Looking at the value part of the Bravenet SPF TXT record you end up with:

include:spf1.bravehost.com

Putting them both together you end up with the following TXT record:

v=spf1 include:spf.protection.outlook.com include:spf1.bravehost.com ~all

Please do NOT add multiple SPF TXT records to your domain this will result in unexpected behavior.

Troubleshooting Information

Verify the value of a SPF TXT record

After adding the TXT record you may have to wait up to one hour before the change is reflected on the internet. You can use this publicly available tool to test if your TXT record is correct:

https://mxtoolbox.com/TXTLookup.aspx

For email hosted at Bravenet the SPF TXT record would be:

v=spf1 include:spf1.bravehost.com ~all

Verify where email is hosted – Verify MX records

To verify where email is hosted you would look to see what the MX records for the domain are set to:

https://mxtoolbox.com/MXLookup.aspx

For email hosted at Bravenet those servers would be:

Pref	Hostname	        IP Address	TTL	
10	mail1.bravehost.com	65.39.211.20    60 min
20	mail2.bravehost.com	65.39.211.21    60 min

Verify Name Servers for a domain

https://mxtoolbox.com/DNSCheck.aspx

For email hosted at Bravenet those servers would follow this convention nsNN.bravehost.com where NN is any numeric digit for example:

ns9.bravehost.com
ns10.bravehost.com

Further Information

Using your Bravenet e-mail account

Troubleshooting Email