Difference between revisions of "SPF Records"

From HE FAQ
Jump to: navigation, search
(How do I create an SPF record?)
m
 
(10 intermediate revisions by 2 users not shown)
Line 4: Line 4:
 
SPF is a method used by some email providers to help identify legitimate users of an email domain.  It's fairly easy for anyone to send email claiming to be using any particular domain, but it's much harder to hide where the email actually comes from (the IP address).  SPF records are a type of DNS record that's associated with your domain name, so email providers can look up your domain name and see whether someone using a particular IP address is supposed to be sending email using your domain name.
 
SPF is a method used by some email providers to help identify legitimate users of an email domain.  It's fairly easy for anyone to send email claiming to be using any particular domain, but it's much harder to hide where the email actually comes from (the IP address).  SPF records are a type of DNS record that's associated with your domain name, so email providers can look up your domain name and see whether someone using a particular IP address is supposed to be sending email using your domain name.
 
= What do I need to know about how SPF works? =
 
= What do I need to know about how SPF works? =
First of all, the following instructions apply '''only if you're using our default email settings'''.  You should '''not use''' these instructinos if you're doing any of the following:
+
First of all, the following instructions apply '''only if you're using our default email settings'''.  You should '''not use''' these instructions if you're doing any of the following:
 
* Using an email provider other than Hurricane Electric
 
* Using an email provider other than Hurricane Electric
 
* Using a DNS provider (nameservers) other than Hurricane Electric
 
* Using a DNS provider (nameservers) other than Hurricane Electric
 
* Sending your email through a third party, such as an Exchange server, or a 3rd party mail server maintained by another service provider or your ISP
 
* Sending your email through a third party, such as an Exchange server, or a 3rd party mail server maintained by another service provider or your ISP
 +
In such cases, please contact support@he.net and we will be happy to provide some advice appropriate to your situation.
 
= Do I need an SPF record? =
 
= Do I need an SPF record? =
Not usuallyNot all mail servers check SPF, and those that do check SPF often use it as one of many factors that determine whether an email is detected as spam.  If you find that many of your emails are being identified as spam, and either blocked or put in recipients' spam folders, creating an SPF record may help.  Also, if you find that spam is being sent with your domain in the "from" address, adding an SPF record may help in such cases.
+
It is definitely recommended, especially if you send to Gmail users.  Gmail requires valid SPF and AAAA records if the mail is sent over IPv6Although not all mail servers check SPF, those that do check SPF use it as one of the factors that determine whether an email is detected as spam.  If you find that many of your emails are being identified as spam, and either blocked or put in recipients' spam folders, creating an SPF record may help.  Also, if you find that spam is being sent with your domain in the "from" address, adding an SPF record may help in such cases.
 +
 
 
= How do I create an SPF record? =
 
= How do I create an SPF record? =
# Note that these instructions will work if you have the "default" DNS zone setup.
+
# Note that these instructions will work if you have the "default" DNS zone setup. If you have made changes to your DNS zone file, please contact support@he.net for assistance.
# If you have made changes to your DNS zone file, please contact support@he.net for assistance.
+
 
# Log into admin.he.net.
 
# Log into admin.he.net.
 
# In the lower-left part of the information box at the top of the page, you will see a line that says something like: "Server: server.he.net".  Make a note of the server name.
 
# In the lower-left part of the information box at the top of the page, you will see a line that says something like: "Server: server.he.net".  Make a note of the server name.
 
# Click on your domain name under "Active Domains For This Account".
 
# Click on your domain name under "Active Domains For This Account".
 
# Click on the tab at the top that says, "New TXT".
 
# Click on the tab at the top that says, "New TXT".
# In the "Text string" field, enter the SPF information, which should look like this. Instead of "server.he.net," use the server name you noted earlier.
+
# Leave the "Name" field blank (your domain name will be used by default)
 +
# In the "Text string" field, enter the SPF information, which should look like this:
 +
 
 +
<pre>v=spf1 a a:server.he.net -all</pre>
 +
 
 +
Instead of "server.he.net," use the server name you noted earlier.
 +
 
 +
Make sure to hit the "Submit" button once you are done to actually create the record in your DNS zone.
 +
 
 +
The 'a' authorizes your domain name's IP addresses.  This is usually the same as the mail server, but some users configure their DNS differently.
 +
 
 +
If you are pointing your domain to a different web hosting provider's IP address while still hosting mail with us, you can use 'mx' instead of, or in addition to, 'a' in your SPF record.
 +
 
 +
If you are uncertain, please contact support@he.net for assistance.
 +
 
 +
The 'a:server.he.net' authorizes your server's IP address.  This permits scripts on your website or account to send email using your domain.
 +
 
 +
You can add more domain names of mail servers that are authorized if needed using the same general format.
 +
 
 +
The '-all' indicates that mail from sources that are not specified in the SPF is spoofed mail which should be rejected, discarded, or placed in a spam folder.
  
<pre>v=spf1 a a:server.he.net ~all</pre>
+
If you are not sure that you have listed all valid sources for email from your domain, you can change the '-all' to be '~all' instead. The '~all' would indicate that your domain is not quite ready for strict SPF checks and that there may be legitimate mail coming from sources that are not yet specifically authorized in the SPF record for your domain.
  
# Leave the "Name" field blank (your domain name will be used by default) and click "Submit".
+
You can find out more about SPF at [http://www.open-spf.org/ http://www.open-spf.org].
# The 'mx' authorizes the IP address of your domain name's mail server.
+
# The 'a' authorizes your domain name's IP addresses.  This is usually the same as the mail server, but some users configure their DNS differently.
+
# The 'a:server.he.net' authorizes your server's IP address.  This permits scripts on your website or account to send email using your domain.  If you don't send any emails that way, you can omit this section.
+
# You can add more domain names of mail servers that are authorized if needed using the same general format.
+
# The '~all' instructs mail servers to accept mail from unauthorized IP addresses but mark them as having failed the SPF check.
+
# If you are absolutely certain that legitimate emails from your domain will never be sent from unauthorized email addresses, you can change the '~all' to be '-all' instead.  If you use '-all' instead, mail servers will be instructed to reject mail that fails the SPF check.
+
# You can find out more about SPF here: [http://www.openspf.org/]
+

Latest revision as of 12:52, 11 March 2022

This information only pertains to Hurricane Electric's Shared Web Hosting package. There may be different information in our other categories.

This document explains what an SPF record is, why you might want one, and how to create one.

What is SPF?

SPF is a method used by some email providers to help identify legitimate users of an email domain. It's fairly easy for anyone to send email claiming to be using any particular domain, but it's much harder to hide where the email actually comes from (the IP address). SPF records are a type of DNS record that's associated with your domain name, so email providers can look up your domain name and see whether someone using a particular IP address is supposed to be sending email using your domain name.

What do I need to know about how SPF works?

First of all, the following instructions apply only if you're using our default email settings. You should not use these instructions if you're doing any of the following:

  • Using an email provider other than Hurricane Electric
  • Using a DNS provider (nameservers) other than Hurricane Electric
  • Sending your email through a third party, such as an Exchange server, or a 3rd party mail server maintained by another service provider or your ISP

In such cases, please contact support@he.net and we will be happy to provide some advice appropriate to your situation.

Do I need an SPF record?

It is definitely recommended, especially if you send to Gmail users. Gmail requires valid SPF and AAAA records if the mail is sent over IPv6. Although not all mail servers check SPF, those that do check SPF use it as one of the factors that determine whether an email is detected as spam. If you find that many of your emails are being identified as spam, and either blocked or put in recipients' spam folders, creating an SPF record may help. Also, if you find that spam is being sent with your domain in the "from" address, adding an SPF record may help in such cases.

How do I create an SPF record?

  1. Note that these instructions will work if you have the "default" DNS zone setup. If you have made changes to your DNS zone file, please contact support@he.net for assistance.
  2. Log into admin.he.net.
  3. In the lower-left part of the information box at the top of the page, you will see a line that says something like: "Server: server.he.net". Make a note of the server name.
  4. Click on your domain name under "Active Domains For This Account".
  5. Click on the tab at the top that says, "New TXT".
  6. Leave the "Name" field blank (your domain name will be used by default)
  7. In the "Text string" field, enter the SPF information, which should look like this:
v=spf1 a a:server.he.net -all

Instead of "server.he.net," use the server name you noted earlier.

Make sure to hit the "Submit" button once you are done to actually create the record in your DNS zone.

The 'a' authorizes your domain name's IP addresses. This is usually the same as the mail server, but some users configure their DNS differently.

If you are pointing your domain to a different web hosting provider's IP address while still hosting mail with us, you can use 'mx' instead of, or in addition to, 'a' in your SPF record.

If you are uncertain, please contact support@he.net for assistance.

The 'a:server.he.net' authorizes your server's IP address. This permits scripts on your website or account to send email using your domain.

You can add more domain names of mail servers that are authorized if needed using the same general format.

The '-all' indicates that mail from sources that are not specified in the SPF is spoofed mail which should be rejected, discarded, or placed in a spam folder.

If you are not sure that you have listed all valid sources for email from your domain, you can change the '-all' to be '~all' instead. The '~all' would indicate that your domain is not quite ready for strict SPF checks and that there may be legitimate mail coming from sources that are not yet specifically authorized in the SPF record for your domain.

You can find out more about SPF at http://www.open-spf.org.