SPF Records

A Sender Policy Framework (SPF) record is a type of DNS TXT record that applies to email sent for a specific domain name. Setting up an SPF record helps protect your email reputation and combat email spoofing.

What Is the SPF Record? What Does SPF Record Do?

SPF records are DNS settings that list the servers allowed to send emails for your domain. Listing authorized sending IPs in the SPF record helps prevent email spoofing, where attackers send emails from your domain without permission. When an email arrives, the receiving server checks the domain’s SPF record to confirm whether the sending server is authorized. This process helps improve the credibility and security of the email.

SPF records help make sure your emails actually reach inboxes and not spam folders. By validating that emails originate from authorized servers, SPF records help stop spoofing and reinforce the credibility of your domain’s email communications.

Using SPF Records with VPS and Dedicated Hosting Servers

This article covers the key details about SPF records and how to set them up on Bluehost, specifically for VPS and Dedicated hosting plans.

In Bluehost’s VPS and Dedicated hosting, email originates from your server’s IP address. The platform sets up a default SPF record that authorizes this IP, and because each server has a unique address, the SPF record will differ from one setup to another.

v=spf1 +a +mx +ip4:198.51.100.123 ~all
 

This record is composed of three parts:

  1. v=spf1 specifies that this is an SPF record.
  2. +a +mx +ip4:198.51.100.123 authorizes sending from the domain's A record, MX record, and IPv4 address 198.51.100.123.
    • This is the part of the record where you can add IP addresses and include SPF rules for other domains.
    • Third-party email marketing tools often require that you update your SPF record to accommodate their servers.
  3. ~all specifies how hosts should regard servers that are not on the list. There are a few qualifiers you can use here:
    • -all "Hard Fail" means to reject all mail from servers that aren't on the allowed list.
    • ~all "Soft fail" means receive mail from servers not on the allowed list, but treat it with more scrutiny.
    • ?all "Neutral" means receive all mail; there isn't a policy for servers not on the list.

The Process of SPF Validation

SPF (Sender Policy Framework) records involve a series of steps that receiving mail servers follow to validate the authenticity of incoming emails. Here's the process broken down:

  1. Email sent. An email is dispatched from the sender's email server.
  2. SPF record lookup. Upon receiving an email, the recipient's mail server performs a DNS lookup to find the SPF record of the sender's domain.
  3. The SPF record is pulled from your domain’s DNS and lists which IP addresses are allowed to send emails using your domain name.
  4. Compare IP addresses. When an email comes in, the recipient’s server checks the IP address it was sent from and compares it to the list in your SPF record to see if it’s allowed.
  5. Validation outcome:
    • If the sending server's IP matches an authorized IP in the SPF record, the email passes the SPF validation. This indicates that it's from a legitimate source.
    • If there's no match, the email fails the SPF validation. This would raise suspicions of email spoofing or unauthorized use of the domain.

How to Customize SPF Records

If you're using another host to send email for your domain, customize your SPF record by adding the additional servers and IPs to the second part of the record. And if you want to make your record stricter to defend the domain from email spoofing, adjust the policy for "all."

For example, if your domain only used the address 198.51.100.123 for outgoing mail and you want to make the sending policy as strict as possible, you could use this SPF record:

v=spf1 ip4:198.51.100.123 -all
 

This record authorizes sending mail from 198.51.100.123 only; no other servers are authorized.
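The validation steps described above, applied to the two records shown on this page, as an added example that is not Bluehost's code. The TXT, A and MX tables are constructed stand-ins for DNS answers (the 203.0.113.x addresses, the host names and the strict.example domain are assumptions), and only the ip4, ip6, a, mx and all mechanisms are handled.

```python
import ipaddress

# Constructed sample data standing in for DNS answers (TXT, A and MX).
TXT = {"example.com": "v=spf1 +a +mx +ip4:198.51.100.123 ~all",
       "strict.example": "v=spf1 ip4:198.51.100.123 -all"}
A = {"example.com": ["203.0.113.10"], "mail.example.com": ["203.0.113.25"]}
MX = {"example.com": ["mail.example.com"]}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def authorized_nets(mech, domain):
    """Return the networks a single mechanism authorizes for `domain`."""
    name, _, arg = mech.partition(":")
    if name in ("ip4", "ip6"):
        return [ipaddress.ip_network(arg, strict=False)]
    if name == "a":
        hosts = [arg or domain]
    elif name == "mx":
        hosts = MX.get(arg or domain, [])
    else:
        return []  # mechanisms outside this sketch never match
    return [ipaddress.ip_network(ip) for h in hosts for ip in A.get(h, [])]

def check_spf(sender_ip, domain):
    """Evaluate mechanisms left to right; the first match decides the result."""
    terms = TXT.get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"  # the domain publishes no SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"  # "+" is the default
        mech = term.lstrip("+-~?")
        if mech == "all" or any(ip in net for net in authorized_nets(mech, domain)):
            return RESULTS[qualifier]
    return "neutral"  # nothing matched and the record has no "all"
```

The same unlisted sender gets softfail under the default record and fail under the strict one, which is the practical difference between ~all and -all.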

For a more in-depth look at SPF syntax and mechanisms, see spf-record.com.

How to Add an SPF Record

SPF records are added to your domain’s Zone File as TXT entries. Keep in mind that Bluehost automatically includes a default SPF record for each domain. So, if you need to add a custom SPF record, it’s a good idea to remove the default one first through your cPanel to avoid conflicts or duplication.

For further guidance on how to add or modify a DNS Record, such as an SPF Record, more details can be found in this guide: DNS Management: How to Add, Edit, or Delete DNS Entries — DNS Zone Editor and Advanced DNS Records.

  1. Log in to your Bluehost Account Manager.
  2. In the left-hand menu, click Websites.
  3. Click the MANAGE button located next to the website you want to manage.
  4. Select and click the domain you want to manage. If you have only one domain, you will be redirected to the OVERVIEW tab; from there, select the DNS tab.
  5. In the Manage Advanced DNS Records section of the DNS tab, click the + ADD RECORD button on the right.
  6. You can either add Single or Multiple Advanced DNS records.
    • If you choose the Single record option, you can only add one DNS record at a time.
      • Select the record type (MX/TXT Records) and enter the values below.
      • Click ADD to save the new DNS record.
    • If you choose the Multiple records option, you can add one or more DNS records.
      • Select the record type (TXT Records) from the dropdown and click CONTINUE.
      • Enter the values below, then click the ADD MORE RECORDS button to add more DNS records.
  7. Name: Type your domain name (without the www)

    Type: TXT

    Refers to: @

    TXT Value: This is where you paste your new SPF record (v=spf1 include:spf.titan.email ~all).

    TTL: 14400 (4Hr)

  8. Once all is applied, click ADD.

    You're done!

Best Practices for SPF Record Management

Proper management of SPF (Sender Policy Framework) records is important to safeguard your email deliverability and maintain the security of your email communications. Sticking to email best practices helps make sure your messages land in inboxes—not spam folders—and get seen by the people you’re trying to reach. Observe these key strategies:

Keep your sender list updated:

  • To avoid email delivery problems, regularly audit your SPF record and make sure it includes every IP address and domain that’s authorized to send on your behalf.
  • Conduct periodic audits to add new services or remove those no longer in use to keep the SPF record accurate.

Avoid common SPF record pitfalls:

  • SPF record flattening. Use SPF record flattening cautiously to simplify your SPF record and avoid exceeding DNS lookup limits, but ensure it's kept up-to-date as IP addresses change.
  • DNS lookup limit. Keep in mind that SPF records have a limit of 10 DNS lookups. If you go over that, your SPF check might fail, which can affect email delivery. To avoid this, try to simplify your SPF record by combining entries where you can. A cleaner, more efficient setup helps ensure your emails get through safely and reliably.
  • Regular testing and validation. Use SPF validation tools to test your SPF record for potential issues. This ensures that it's correctly configured for optimal email deliverability.
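An added example (not Bluehost's code) that audits two problems named on this page: more than one SPF record on a domain, and an include chain that goes over the 10-lookup limit. All zone data and domain names are constructed placeholders; the count covers the include, a, mx, exists and ptr mechanisms and the redirect modifier, which are the terms that trigger DNS queries.

```python
# Constructed TXT data standing in for DNS; every name is a placeholder.
ZONE = {
    "example.com": ["v=spf1 a mx include:_spf.mailer.example "
                    "include:_spf.crm.example include:_spf.desk.example ~all"],
    "_spf.mailer.example": ["v=spf1 include:_a.mailer.example "
                            "include:_b.mailer.example ~all"],
    "_a.mailer.example": ["v=spf1 ip4:192.0.2.0/25 ~all"],
    "_b.mailer.example": ["v=spf1 ip4:192.0.2.128/25 ~all"],
    "_spf.crm.example": ["v=spf1 a mx include:_spf.relay.example ~all"],
    "_spf.relay.example": ["v=spf1 ip4:203.0.113.0/24 ~all"],
    "_spf.desk.example": ["v=spf1 mx ~all"],
    # Flattened variant (constructed): mailer and crm includes replaced
    # by literal ranges, which cost no lookups but must be kept current.
    "flat.example.com": ["v=spf1 a mx ip4:192.0.2.0/24 ip4:203.0.113.0/24 "
                         "include:_spf.desk.example ~all"],
    # A default record left in place next to a custom one.
    "dup.example.com": ["v=spf1 +a +mx ~all", "v=spf1 ip4:198.51.100.123 -all"],
}
LOOKUP_TERMS = {"include", "a", "mx", "exists", "ptr", "redirect"}
LIMIT = 10

def count_lookups(domain, seen=()):
    """Count the DNS-querying terms an SPF check of `domain` would evaluate."""
    records = [t for t in ZONE.get(domain, []) if t.split()[:1] == ["v=spf1"]]
    if len(records) != 1:
        raise ValueError(f"{domain}: found {len(records)} SPF records, need 1")
    if domain in seen:
        raise ValueError(f"{domain}: include loop")
    total = 0
    for term in records[0].split()[1:]:
        body = term.lstrip("+-~?").replace("=", ":", 1)  # redirect=x -> redirect:x
        name, _, target = body.partition(":")
        name = name.split("/")[0]  # drop a CIDR suffix such as a/24
        if name in LOOKUP_TERMS:
            total += 1
            if name in ("include", "redirect"):
                total += count_lookups(target, seen + (domain,))
    return total

def audit(domain):
    """Return (lookups, within_limit), or (None, False) for a broken setup."""
    try:
        n = count_lookups(domain)
    except ValueError:
        return None, False
    return n, n <= LIMIT
```

Here example.com needs 11 lookups and fails the audit, the flattened variant needs 4, and dup.example.com is rejected before any counting because it publishes two SPF records.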

Summary

To keep emails from your domain name in good standing, safe, and out of spam folders, it's important to add an extra layer of protection through DNS TXT records and implement email authentication standards like SPF and DKIM (DomainKeys Identified Mail). This DNS record helps prevent emails from being modified or spoofed. Implementing email security measures such as SPF (Sender Policy Framework) helps ensure safer and more reliable email communication.
