The Skysnag Blog
How to create an SPF Text Record in Simple Steps
Did you know that email is the starting point for more than 91% of all cyberattacks? Even the most seasoned marketing teams can make mistakes that endanger their email initiatives. Authenticating your email is critical for protecting yourself, your brand, and your customers from phishing and spoofing assaults. In this article, we’ll go over how to create your SPF Text Record in simple steps.
Authorize email senders with SPF
The Sender Policy Framework (SPF) is a technique used to prevent email spoofing. Setting up an SPF record helps to detect and block any unauthorized usage of your domain, which is often called spoofing.
SPF, on the other hand, is limited to detecting a forged sender claim in an email’s envelope, which is used when the message bounces. It can only be used in conjunction with DMARC to detect email spoofing a typical phishing and spam method.
What are SPF records?
An SPF record contains a list of all authorized host names / IP addresses that are allowed to send emails on your domain’s behalf.
Follow these five basic actions to create your SPF record:
Step 1: Gather IP addresses used to send email
The first step to implement SPF is to identify which mail servers you use to send email from your domain and make a list of all your mail servers and their IP addresses.
Step 2: Make a list of your sending domains
It’s likely that your firm owns a number of domains. Email is sent from some of these domains. Others, on the other hand, aren’t.
It’s critical to set up SPF records for all of your domains, even if you’re not sending emails from them. Why? A criminal will attempt to fake your non-transmitting domains after you’ve safeguarded your sending domains using SPF.
Step 3: Create your SPF record
SPF verifies a sender’s identity by comparing the IP address of the sending mail server to a list of permitted sending IP addresses published in the DNS record by the sender.
Here’s how to create your SPF record:
- The first tag should be v=spf1, followed by the IP addresses that are allowed to send mail. Here is an example: v=spf1 ip4:22.214.171.124 ip4:126.96.36.199
- If you utilize a third party to send an email on behalf of the domain in question, you must add an “include” declaration in your SPF record to designate that third party as a legitimate sender (e.g., include:thirdparty.com).
- After you’ve authorized IP addresses and included statements, finish your record with an all or -all tag.
- A soft SPF failure is caused by an (~all) tag, but not by a hard SPF fail (-all) tag.
- An SPF record can be up to 255 characters long, with no more than ten include statements. Here’s an illustration: include:thirdparty.com -all v=spf1 ip4:188.8.131.52 ip4:184.108.40.206 ip4:220.127.116.11 ip4:18.104.22.168 ip4:22.214.171.124 ip4:126.96.36.199
- With the exception of -all domains that do not deliver email, any modifier will be excluded from the SPF record. Here’s an example record for a non-sending domain: v=spf1
Congratulations! You’ve completed the SPF record creation process. It’s now time to put it out there.
Step 4: Publish your SPF to DNS
Work with your DNS server administrator to submit your SPF record to DNS so that it may be referenced by mailbox providers.
If you’re utilizing a hosting service like 123-reg or GoDaddy, the process is quite straightforward. Contact your IT department for help if your ISP manages your DNS records or if you’re not sure. SPF records for sending domains are frequently published on your behalf by email service providers.
Step 5: Test!
Use Skysnag’s free SPF checker tool to test your SPF record.
You’ll be able to observe what recipients see in the following ways: A list of servers that have been granted permission to send an email on behalf of your sending domain. You can edit your record to include one or more of your legitimate sending IP addresses if they are not mentioned.
If used effectively, email can be a strong and profitable marketing tool. To increase these chances Skysnag configures your SPF Text Record to the highest standard of authentication with Skysnag’s automated SPF and DKIM software that prevents your recipient’s mailbox from receiving spam emails. Sign up using this link for a free trial today and get started with Skysnag.
Enforce DMARC, SPF and DKIM in days - not months
Skysnag helps busy engineers enforce DMARC, responds to any misconfigurations for SPF or DKIM which increases email deliverability, and eliminates email spoofing and identity impersonation.