
SPF Records

A Sender Policy Framework (SPF) record is a special type of DNS TXT record for emails related to a specific domain name. Setting up an SPF record helps protect your email reputation and combat email spoofing.



What Is the SPF Record? What Does SPF Record Do?

An SPF (Sender Policy Framework) record is a type of DNS (Domain Name System) record that identifies which mail servers are permitted to send email on behalf of your domain. By listing authorized sending IPs, the SPF record helps prevent email spoofing, where attackers send emails from your domain without permission. When an email is received, the recipient's server checks the SPF record to verify that the sending server is authorized. This enhances email authenticity and security.

The primary function of an SPF record is to improve email deliverability and protect your domain's reputation by minimizing the risk of your emails being marked as spam or phishing attempts. It acts as a first line of defense against email spoofing by ensuring that only emails sent from approved servers reach their intended recipients. This increases the trust in your domain's email communications.


Using SPF Records with VPS and Dedicated Hosting Servers

This article outlines what you need to know about SPF records and how they can be implemented at Bluehost for VPS and Dedicated hosting.

Email is sent directly from the server in our VPS and dedicated hosting plans. The default SPF record authorizes the VPS or Dedicated server's IP address, so each one is different. Here is an example of what a default SPF record would be for a server at 198.51.100.123:

v=spf1 +a +mx +ip4:198.51.100.123 ~all

This record is composed of three parts:

  1. v=spf1 specifies that this is an SPF record.
  2. +a +mx +ip4:198.51.100.123 authorizes sending from the domain's A record, MX record, and the IPv4 address 198.51.100.123.
    • This is the record where you can add IP addresses and include SPF rules for other domains.
    • Third-party email marketing tools often require that you update your SPF record to accommodate their servers.
  3. ~all specifies how receiving hosts should regard servers that are not on the list. There are a few modifications you can use here:
    • -all "Hard Fail" means to reject all mail from servers that aren't on the allowed list.
    • ~all "Soft Fail" means to accept mail from servers not on the allowed list but treat it with more scrutiny.
    • ?all "Neutral" means to accept all mail; there isn't a policy for servers not on the list.

The Process of SPF Validation

SPF (Sender Policy Framework) records involve a series of steps that receiving mail servers follow to validate the authenticity of incoming emails. Here's the process broken down:

  1. Email sent. An email is dispatched from the sender's email server.
  2. SPF record lookup. Upon receiving an email, the recipient's mail server performs a DNS lookup to find the SPF record of the sender's domain.
  3. Retrieve SPF record. The SPF record, which is a list of IP addresses authorized to send emails on behalf of the domain, is retrieved from the DNS.
  4. Compare IP addresses. The recipient's mail server compares the IP address of the mail server that sent the email against the list of authorized IPs in the SPF record.
  5. Validation outcome:
    • If the sending server's IP matches an authorized IP in the SPF record, the email passes the SPF validation. This indicates that it's from a legitimate source.
    • If there's no match, the email fails the SPF validation. This would raise suspicions of email spoofing or unauthorized use of the domain.
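
The validation steps above, as an added example (not Bluehost's code): a small evaluator that walks a record left to right and applies the qualifier of the first matching mechanism. The DNS table is constructed for the example; example.com, mail.example.com and 198.51.100.124 are assumptions, and only the a, mx, ip4, ip6 and all mechanisms are handled.

```python
import ipaddress

# Constructed DNS data standing in for real lookups (assumption, not real records).
DNS = {
    ("example.com", "TXT"): "v=spf1 +a +mx +ip4:198.51.100.123 ~all",
    ("example.com", "A"): ["198.51.100.123"],
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): ["198.51.100.124"],
}

# Qualifier -> result; a mechanism with no qualifier defaults to "+".
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_ip, domain, dns=DNS):
    """Evaluate sender_ip against the SPF record of the envelope sender's domain."""
    terms = dns.get((domain, "TXT"), "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # the domain publishes no SPF policy
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            return RESULTS[qualifier]  # catch-all policy for unlisted servers
        if name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = sender_ip in dns.get((arg or domain, "A"), [])
        elif name == "mx":
            hosts = dns.get((arg or domain, "MX"), [])
            matched = any(sender_ip in dns.get((h, "A"), []) for h in hosts)
        else:
            continue  # include, exists, modifiers, CIDR on a/mx: not handled here
        if matched:
            return RESULTS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term
```

With the default record, an unlisted address such as 203.0.113.9 yields softfail; swapping the last term for -all turns the same lookup into fail.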

How to Customize SPF Records

If you're using another host to send email for your domain, customize your SPF record by adding the additional servers and IPs to the second part of the record. And if you want to make your record stricter to defend the domain from email spoofing, adjust the policy for "all."

For example, if your domain only used the address 198.51.100.123 for outgoing mail and you want to make the sending policy as strict as possible, you could use this SPF record:

v=spf1 ip4:198.51.100.123 -all

This record authorizes sending mail from 198.51.100.123 only; no other servers are authorized.

For a more in-depth look at SPF syntax and mechanisms, see spf-record.com.


How to Add an SPF Record

SPF records are added to your Zone File as TXT records. Keep in mind that, by default, Bluehost adds an SPF record to your zone file for each domain, so if you want to add another record, it's best to delete the default one from inside your cPanel.

For further guidance on how to add or modify a DNS Record such as an SPF Record, more details can be found in this guide: DNS Management: How to Add, Edit, or Delete DNS Entries — DNS Zone Editor and Advanced DNS Records.
  1. Log in to your Bluehost control panel.
  2. Click the Domains tab from the side navigation menu to the left.
  3. Locate the domain name you wish to update, then click the v icon next to Advanced Tools.
  4. Next, click MANAGE next to Advanced DNS Records.
  5. If you're removing an existing SPF record, scroll down to the TXT record section to find it, and then click Delete.
  6. To add a new SPF record, click the + Add Record button.
  7. A box will appear. Next, enter this information under Add DNS Record at the top of the Zone Editor:
    • Name: Type your domain name (without the www)
    • TTL: 14400
    • Type: TXT
    • TXT Value: This is where you paste your new SPF record.
  8. Click Add Record.

    You're done!


Best Practices for SPF Record Management

Proper management of SPF (Sender Policy Framework) records is important for safeguarding your email deliverability and maintaining the security of your email communications. Adhering to best practices ensures that your legitimate emails reach their intended recipients without being blocked or marked as spam. Observe these key strategies:

Keep your sender list updated:

  • Regularly review and update your SPF record to include all IP addresses and domains authorized to send emails on your behalf.
  • Conduct periodic audits to add new services or remove those no longer in use to keep the SPF record accurate.

Avoid common SPF record pitfalls:

  • SPF record flattening. Use SPF record flattening cautiously to simplify your SPF record and avoid exceeding DNS lookup limits, but ensure it's kept up-to-date as IP addresses change.
  • DNS lookup limit. Be mindful of the SPF 10 DNS lookup limit. Exceeding this limit can lead to SPF check failures. Optimize your SPF record by consolidating entries where possible.
  • Regular testing and validation. Use SPF validation tools to test your SPF record for potential issues. This ensures that it's correctly configured for optimal email deliverability.
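
An added example (not Bluehost's tooling) of auditing a record against the 10 DNS lookup limit: it counts the terms that trigger DNS queries (include, a, mx, ptr, exists and the redirect modifier), following include and redirect targets. The TXT table is constructed and every domain in it is a placeholder; flat.example.com shows a flattened record that lists IP ranges directly.

```python
# Constructed TXT records; every domain below is a placeholder, not real data.
TXT = {
    "example.com": "v=spf1 a mx include:_spf.mailer.example include:_spf.crm.example ~all",
    "_spf.mailer.example": "v=spf1 include:a.mailer.example include:b.mailer.example ~all",
    "a.mailer.example": "v=spf1 ip4:192.0.2.0/24 a mx ~all",
    "b.mailer.example": "v=spf1 exists:%{i}.bl.example ptr ~all",
    "_spf.crm.example": "v=spf1 a:out.crm.example mx redirect=_spf2.crm.example",
    "_spf2.crm.example": "v=spf1 ip4:203.0.113.0/24 -all",
    "flat.example.com": "v=spf1 ip4:198.51.100.123 ip4:192.0.2.0/24 ip4:203.0.113.0/24 ~all",
}

LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists"}  # plus the redirect modifier
LIMIT = 10


def count_lookups(domain, txt=TXT, path=()):
    """Worst-case number of DNS-querying terms reachable from domain's record."""
    if domain in path:
        return 0  # include/redirect loop: stop instead of recursing forever
    total = 0
    for term in txt.get(domain, "").split()[1:]:
        term = term.lstrip("+-~?")
        if term.lower().startswith("redirect="):
            target = term.split("=", 1)[1]
            total += 1 + count_lookups(target, txt, path + (domain,))
            continue
        name, _, arg = term.partition(":")
        name = name.partition("/")[0].lower()  # drop a CIDR suffix such as a/24
        if name in LOOKUP_TERMS:
            total += 1
            if name == "include":
                total += count_lookups(arg, txt, path + (domain,))
    return total


def over_limit(domain, txt=TXT):
    """True when the record can exceed the SPF limit of 10 DNS lookups."""
    return count_lookups(domain, txt) > LIMIT
```

The nested record for example.com reaches 13 lookups and is over the limit, while the flattened record needs none; the trade-off is that the flattened ranges must be re-checked whenever a provider changes its IP addresses.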

Summary

To ensure emails from your domain name remain in good standing, safe, and out of spam folders, it's important to add this additional layer of DNS TXT records and implement email authentication standards like SPF and DKIM (DomainKeys Identified Mail). These DNS records help prevent emails from being modified or spoofed. Implementing email security measures such as SPF (Sender Policy Framework) makes email communication safer and more reliable.

If you need further assistance, feel free to contact us via Chat or Phone:

  • Chat Support - While on our website, you should see a CHAT bubble in the bottom right-hand corner of the page. Click anywhere on the bubble to begin a chat session.
  • Phone Support -
    • US: 888-401-4678
    • International: +1 801-765-9400

You may also refer to our Knowledge Base articles to help answer common questions and guide you through various setup, configuration, and troubleshooting steps.
