SPF Records

From HE FAQ
Revision as of 11:30, 8 August 2013 by Galperin (Talk | contribs)

Jump to: navigation, search

This information only pertains to Hurricane Electric's Shared Web Hosting package. There may be different information in our other categories.

This document explains what an SPF record is, why you might want one, and how to create one.

What is SPF?

SPF is a method used by some email providers to help identify legitimate users of an email domain. It's fairly easy for anyone to send email claiming to be using any particular domain, but it's much harder to hide where the email actually comes from (the IP address). SPF records are a type of DNS record that's associated with your domain name, so email providers can look up your domain name and see whether someone using a particular IP address is supposed to be sending email using your domain name.

What do I need to know about how SPF works?

First of all, the following instructions apply only if you're using our default email settings. You should not use these instructinos if you're doing any of the following:

  • Using an email provider other than Hurricane Electric
  • Using a DNS provider (nameservers) other than Hurricane Electric
  • Sending your email through a third party, such as an Exchange server, or a 3rd party mail server maintained by another service provider or your ISP

Do I need an SPF record?

Not usually. Not all mail servers check SPF, and those that do check SPF often use it as one of many factors that determine whether an email is detected as spam. If you find that many of your emails are being identified as spam, and either blocked or put in recipients' spam folders, creating an SPF record may help. Also, if you find that spam is being sent with your domain in the "from" address, adding an SPF record may help in such cases.

How do I create an SPF record?

  1. Log into admin.he.net.
  2. Click on your domain name under "Active Domains For This Account".
  3. Click on the tab at the top that says, "New TXT".
  4. In the "Text string" field, enter the SPF information which should look like this:
v=spf1 a:example.com a:server.he.net ~all
  1. Leave the "Name" field blank (your domain name will be used by default) and click "Submit".
  2. The 'a:example.com' authorizes your domain name's IP addresses.
  3. The 'a:server.he.net' authorizes your server's IP addresses.
  4. You can add more domain names of mail servers that are authorized if needed using the same general format.
  5. The '~all' instructs mail servers to accept mail from unauthorized IP addresses but mark them as having failed the SPF check.
  6. If your are absolutely certain that legitimate emails from your domain will never be sent from unauthorized email addresses, you can change the '~all' to be '-all' instead.
  7. If you use '-all' instead, mail servers will be instructed to reject mail that fails the SPF check.
  8. You can find out more about SPF here: [1]