The basics of a SPF record

The basics of a SPF record
Remacle Jean-Claude
4 minutes
2022-07-21
what is
how to
DNS
security

Spam, spam, spam.

Nothing so irritating as getting spam and even worse, nothing is more hateful than when your professional mailings ends up in your customers' spam.

The battle against spam and email scams is a never ending battle and as result of that, some standards have to evolve with it.

One of those standards is the SPF (Sender Policy Framework) record.
With the help of the SPF record, you can decide which servers may send mails on behalf of the domain where the SPF record has been added.

What is the SPF record?

SPF (Sender Policy Framework) is one of the standards that helps senders and recipients to protect against spam and email scam (spoofing and phishing mails).

You can provide a public list of approved sender(s) in the SPF record that the receivers then can cross-check. That way they can check if the email originated from a server that has permission to send on the domains behalf.

Is a SPF record mandatory

Don't worry, it's still possible to send mails without SPF record.
But off course, with SPF record, you have more certainty that your mail won't get delivered in the SPAM of the receiver.

Keep in mind, SPF won't solve all delivery problems. It's just one of the standards that can improve your delivery rates and prevent abuse of your domain name.

How does SPF works

Now, we already know what SPF record is, but how does it works?

The first thing you should know is that the SPF record is all about the domain in the return path and not in the FROM of the mail.

What is the workflow of the SPF record

  1. A server with the IP address of 1.2.3.4 sends an email, that email is using This email address is being protected from spambots. You need JavaScript enabled to view it. as the Return-Path.
  2. The receiving server takes the domain from the return-path (example.be) and get the SPF record from the DNS records.
  3. It checks if the sender IP (1.2.3.4) is listed in the SPF record as trusted IP
  4. If the sender IP is valid then the sending IP is listed as approved sender and the SPF check passes. If the check fails then the receiving server will most likely reject the mail.

SPF record syntax

A SPF record can look confusing and complicated at first, but if you break it down than it's pretty simple.

For example is we look at the following SPF record

v=spf1 a mx include:spf.example.be ~all

The SPF record exist out the version and the mechanisms.

SPF record syntax version

If we look at the example SPF record above then we see that the SPF version is "v=spf1".
This is to let the parsers know that this is the SPF record since there can be more then one TXT records for a domain.

SPF record syntax mechanisms

The mechanisms is the second part of the SPF record.

In our example SPF record this is "a mx include:spf.example.be ~all"

The mechanisms exist out of different rules on how to check for SPF.

There are the following types of mechanisms:

mechanismdescription
a IP that matches A record of domain will pass
mx IP that matches MX record of domain will pass
include IP that matches SPF record of the included domain will pass
all matches all IP with a soft fail

SPF qualifiers

Mechanisms can also have a prefix, this is the qualifier.
This describes the action that needs to be taken when the IP matches.

The default qualifier is "+"

qualifierdescription
+ PASS - IP that matches will PASS 
- FAIL - IP that matches will FAIL
~ SOFTFAIL - the host will accept it but marks it with as a SPF failure
? NEUTRAL - IP that matches will not pass but also not fail, it remains neutral

Implement the SPF record

Now we know what a SPF records is and how to create the SPF record. Now there only remains one thing to do, implement it.

As we already knows, the SPF record is a DNS record, so we need to go to the DNS zone of the domain where we want to implement the SPF record.

Once the record is implemented, you can check if it's build correctly.

One of the easiest and best SPF record checker is the SPF checker of dmarcanalyser.com.

Conclusion

Creating and implementing the SPF record is not always as easy as it looks.
Especially when you don't have the understanding of it.

jCreativeWeb can help you with creating and implementing the SPF record for you.

Contact Us