This document explains what an SPF record is, why you might want one, and how to create one.
What is SPF?
SPF is a method used by some email providers to help identify legitimate users of an email domain. It's fairly easy for anyone to send email claiming to be using any particular domain, but it's much harder to hide where the email actually comes from (the IP address). SPF records are a type of DNS record that's associated with your domain name, so email providers can look up your domain name and see whether someone using a particular IP address is supposed to be sending email using your domain name.
What do I need to know about how SPF works?
First of all, the following instructions apply only if you're using our default email settings. You should not use these instructions if you're doing any of the following:
- Using an email provider other than Hurricane Electric
- Using a DNS provider (nameservers) other than Hurricane Electric
- Sending your email through a third party, such as an Exchange server, or a 3rd party mail server maintained by another service provider or your ISP
In such cases, please contact email@example.com and we will be happy to provide some advice appropriate to your situation.
Do I need an SPF record?
It is definitely recommended, especially if you send to Gmail users. Gmail requires valid SPF and AAAA records if the mail is sent over IPv6. Although not all mail servers check SPF, those that do check SPF use it as one of the factors that determine whether an email is detected as spam. If you find that many of your emails are being identified as spam, and either blocked or put in recipients' spam folders, creating an SPF record may help. Also, if you find that spam is being sent with your domain in the "from" address, adding an SPF record may help in such cases.
How do I create an SPF record?
- Note that these instructions will work if you have the "default" DNS zone setup. If you have made changes to your DNS zone file, please contact firstname.lastname@example.org for assistance.
- Log into admin.he.net.
- In the lower-left part of the information box at the top of the page, you will see a line that says something like: "Server: server.he.net". Make a note of the server name.
- Click on your domain name under "Active Domains For This Account".
- Click on the tab at the top that says, "New TXT".
- Leave the "Name" field blank (your domain name will be used by default)
- In the "Text string" field, enter the SPF information, which should look like this:
v=spf1 a a:server.he.net -all
Instead of "server.he.net," use the server name you noted earlier.
Make sure to hit the "Submit" button once you are done to actually create the record in your DNS zone.
The 'a' authorizes your domain name's IP addresses. This is usually the same as the mail server, but some users configure their DNS differently.
If you are pointing your domain to a different web hosting provider's IP address while still hosting mail with us, you can use 'mx' instead of, or in addition to, 'a' in your SPF record.
If you are uncertain, please contact email@example.com for assistance.
The 'a:server.he.net' authorizes your server's IP address. This permits scripts on your website or account to send email using your domain.
You can add more domain names of mail servers that are authorized if needed using the same general format.
The '-all' indicates that mail from sources that are not specified in the SPF is spoofed mail which should be rejected, discarded, or placed in a spam folder.
If you are not sure that you have listed all valid sources for email from your domain, you can change the '-all' to be '~all' instead. The '~all' would indicate that your domain is not quite ready for strict SPF checks and that there may be legitimate mail coming from sources that are not yet specifically authorized in the SPF record for your domain.
You can find out more about SPF at http://www.openspf.org.