Install an SPF Record to Improve Email Delivery
This entry applies to anyone who will be outsourcing any of their outbound email sending from servers other than their corporate email servers. You are likely an IT person who had landed here because someone from the marketing department said ‘Hey IT dude – we started using an ESP and we want to maximize email delivery.’
If you are using an Emails Service Provider (ESP) like Pinpointe, Constant Contact or Exact Target, then this applies. If you are just sending outbound emails from Outlook, then this does not apply.
What is “SPF” and what does it do?
SPF stands for “Sender Policy Framework”, and helps to control forged e-mail. SPF is not directly about stopping spam – it is about giving domain owners a way to say which mail sources are legitimate for their domain and which ones aren’t. While not all spam is forged, virtually all forgeries are spam. SPF was created in 2003 to help close loopholes in email delivery systems that allow spammers to “spoof” or steal your email address to send bazillions of emails from another company’s domain (like yours).
SPF is an open standard – it isn’t owned or controlled by any one body or company. More information about SPF can be found at:
Why do I want to have SPF records for my domains?
Many mail servers are now testing for the presence of SPF records, so if you don’t have one, your email will probably not be delivered to that server. Hotmail, for example, started testing the use of SPF records in 2004.
A Specific SPF Example: Setting your SPF Record and Using Pinpointe as an ESP
To set up SPF, your company’s domain administrator publishes an SPF record in your top-level domain’s DNS record by adding a specific TXT entry. That may sound confusing, but it isn’t – here’s specifically how to do it.
Assume your domain is ‘mycompany.com’. Also assume that you are sending emails from your regular servers, but your marketing department just signed up with Pinpointe to use Pinpointe’s email marketing solution for email marketing. The first step is to go to the OpenSPF wizard, which will walk you through a few basic questions:
Now enter your domain (‘mycompany.com’) and hit the ‘Begin’ button. You will get a screen like this:
Just answer each SPF question
Typically answer the first three questions as Yes / Yes / No.
If you know the specific hostnames, mail server names or IP addresses of outbound email servers, enter them here; if you don’t know, ask your mail administrator. If you still don’t know, you can skip these.
‘include’: Here is where you can include your ESP, in this case, Pinpointe. Enter: ‘pinpointe.com mypinpointe.com’ — these are the domains we use for our outbound email servers.
For the final question – if you know absolutely for sure that you have defined every email outbound email server for your domain, then select ‘yes’ Otherwise, choose no. Be careful here – if you select ‘yes’ and, in fact, there are other email servers, email from them may be blocked in the future.
Here is the resulting record:
“v=spf1 include:pinpointe.com include:mypinpointe.com ?all”
The SPF wizard reports what each field means:
A note here:
The ‘-all’ part means that this SPF record has identified *all* email servers that are permitted to send outbound email for this domain. On one hand, spam filters that verify the SPF record will be happy to see that you have definitively identified all servers (good). On the other hand, if there are any other servers that actually can send email from ‘mycompany.com’, then you’ve just mucked things up. The less conservative option is to use ‘?all,’ which says to the world “All of the servers I’ve listed here can send on my behalf; there may be other servers that can also send email on my behalf.’
You should also review the tradeoffs involved in choosing an “all” default: see page 15 of the white paper: http://www.openspf.org/FAQ/Common_mistakes#dont-guess
You can read all the options that you have by visiting: http://www.openspf.org/SPF_Record_Syntax
Installing your SPF Record
Now that we know what SPF record to install, we need to install it. If your domain is registered at GoDaddy.com (Hosting Company), for example, follow these steps:
- Log in to your GoDaddy.com account (Hosting Company Account). Next to your respective domain, click the DNS button.
To create a new SPF record, click the ADD button under the Records section.Note: if you already see a TXT record with a value beginning with ‘v=spf1’ then edit that record rather than adding a new one.
- Select the TXT option from the Type drop-down menu.
- Enter @ into the Host field.
Enter the SPF record in the ‘TXT Value’ Field. You can copy it, exlcluding the quotes, and paste it into this field.Once entered, it should look something like this:
“v=spf1 mx a ip4:22.214.171.124/21 ~all”
And with that… You’re done!
If you are an IT / tech and are managing your DNS servers directly, here is how you’ll finish making the entry:
If you run BIND:
Paste this into your zone file:
mycompany.com. IN TXT “v=spf1 include:pinpointe.com include:mypinpointe.com ?all”
If you run tinydns (djbdns)
Paste this into your zone file:
‘mycompany.com:v=spf1 include pinpointe.com include mypinpointe.com ?all