This document explains what an SPF record is, why you might want one, and how to create one.

What is SPF?

SPF is a method used by some email providers to help identify legitimate users of an email domain. It's fairly easy for anyone to send email claiming to be using any particular domain, but it's much harder to hide where the email actually comes from (the IP address). SPF records are a type of DNS record that's associated with your domain name, so email providers can look up your domain name and see whether someone using a particular IP address is supposed to be sending email using your domain name.

What do I need to know about how SPF works?

First of all, the following instructions apply only if you're using our default email settings. You should not use these instructions if you're doing any of the following:

• Using an email provider other than Hurricane Electric
• Using a DNS provider (nameservers) other than Hurricane Electric
• Sending your email through a third party, such as an Exchange server, or a 3rd party mail server maintained by another service provider or your ISP

Do I need an SPF record?

Not usually. Not all mail servers check SPF, and those that do check SPF often use it as one of many factors that determine whether an email is detected as spam. If you find that many of your emails are being identified as spam, and either blocked or put in recipients' spam folders, creating an SPF record may help. Also, if you find that spam is being sent with your domain in the "from" address, adding an SPF record may help in such cases.

How do I create an SPF record?

1. Note that these instructions will work if you have the "default" DNS zone setup. If you have made changes to your DNS zone file, please contact support@he.net for assistance.
2. Log into admin.he.net.
3. In the lower-left part of the information box at the top of the page, you will see a line that says something like: "Server: server.he.net". Make a note of the server name.
4. Click on your domain name under "Active Domains For This Account".
5. Click on the tab at the top that says, "New TXT".
6. In the "Text string" field, enter the SPF information, which should look like this. Instead of "server.he.net," use the server name you noted earlier.

v=spf1 a a:server.he.net ~all

6. Leave the "Name" field blank (your domain name will be used by default) and click "Submit".

The 'a' authorizes your domain name's IP addresses. This is usually the same as the mail server, but some users configure their DNS differently.

The 'a:server.he.net' authorizes your server's IP address. This permits scripts on your website or account to send email using your domain. If you don't send any emails that way, you can omit this section.

You can add more domain names of mail servers that are authorized if needed using the same general format.

The '~all' instructs mail servers to accept mail from unauthorized IP addresses but mark them as having failed the SPF check.

If you are absolutely certain that legitimate emails from your domain will never be sent from unauthorized email addresses, you can change the '~all' to be '-all' instead. If you use '-all' instead, mail servers will be instructed to reject mail that fails the SPF check.

You can find out more about SPF here: [1]