The Skysnag Blog

SPF Record

October 1, 2022  |  2 min read

What is an SPF Record

A DNS (Domain Name System) entry known as an SPF record allows you to specify which IP addresses are permitted to deliver messages on your domain name’s behalf. SPF email protection gives the recipient the choice to block emails received from an IP that is not listed in your Sender policy framework record or by a sender who is not authorized to transmit on behalf of your domain name.

The recipient email server runs a DNS query to locate the TXT record during mail delivery to determine whether the sender’s server IP matches the list of permitted IP addresses for the sender’s domain. The sender’s email message may experience a soft fail or a hard fail if no Sender policy framework record is discovered.

You have control over which emails are delivered to your mailbox as an email administrator. A “hard fail” will be either deleted or sent to the recipient’s spam box. Depending on the security settings of the email administrator, a “soft fail” may still reach the intended recipient but it may also be dropped by the recipient email server.

SPF record check

You must have a valid SPF record in order to implement SPF. To test your SPF record, use our free SPF record checker tool.

In order to avoid problems after updates, we can also pre-validate an update you intend to make to your record. Before implementing any adjustments to your SPF record, we advise you to thoroughly test it. 

You can update your SPF record in your DNS without risk after putting it through all these checks!

What does an SPF record look like?

Here is an example:

v=spf1 ip4:35.213.11.232 ip6:2b03:d028:e5:8d00:cc51:dbc8:7b62:852v include:otherdomain.com -all

Below is an explanation of the Sender policy framework record syntax:

The Sender policy framework version tag is v=spf1, which refers to the version of the Sender policy framework record.

The IP address refers to the IP addresses that are authorized.

The ‘include’ tag specifies the domain’s third-party names allowed to send emails.

The ‘all’ tag is an important tag as it determines how the recipient servers deal with emails. For example, the ‘~all’ label refers to a soft fail, whereas ‘-all’ stands for a hard fail. The “+all” tag is a free-for-all option which means any server can send emails from the domain.

We advise against using the “+all” tag, as it could lead to potential phishing attacks.

This is a brief summary of the possible contents of an SPF record. Here is a more in-depth look into SPF record syntax.

Conclusion

Skysnag automates DMARC, SPF, and DKIM for you to increase email deliverability. With that being said, avoid email spoofing attacks with Skysnag’s automated software which allows you to confirm the validity of emails.

Sign up using this link for a free trial today and ensure your organization’s SPF records are configured correctly. 

Enforce DMARC, SPF and DKIM in days - not months

Skysnag helps busy engineers enforce DMARC, responds to any misconfigurations for SPF or DKIM which increases email deliverability, and eliminates email spoofing and identity impersonation.

Check your domain’s DMARC security compliance