DNS Management: SPF Records (VPS & Dedicated Hosting) | Bluehost Support
  1. bluehost knowledge base

DNS Management: SPF Records (VPS & Dedicated Hosting)

Protect your email reputation and combat email spoofing by setting up a Sender Policy Framework (SPF) record. It's a type of DNS record that notifies the recipient's mail host which mail servers are authorized to send email from your domain name, making it much more difficult for someone to spoof your email address trying to impersonate you.

This article outlines what you need to know about SPF records and how they can be implemented at Bluehost for VPS and Dedicated hosting. 



Using SPF Records with VPS and Dedicated Hosting

On our VPS and Dedicated hosting plans, email is sent out directly from the server. The default SPF record authorizes the VPS or Dedicated server's IP address, so each one is different. Here is an example of what the default SPF record would be for a server at 198.51.100.123.

v=spf1 +a +mx +ip4:198.51.100.123 ~all

This record is composed of three parts:

  1. v=spf1 specifies that this is an SPF record.
  2. +a +mx +ip4:198.51.100.123 authorizes sending from the domain's A record, MX record, and ipv4 address 198.51.100.123.
    • This is the record where you can add IP addresses and include SPF rules for other domains.
    • Third-party email marketing tools often require that you update your SPF record to accommodate their servers.
  3. ~all specifies how hosts should regard servers that are not on the list. There are a few modifications you can use here:
    • -all "Hard Fail" means to reject all mail that isn't on the allowed list.
    • ~all "Soft fail" means accept mail, not on the allowed list, but treat it with more scrutiny.
    • ?all "Neutral" means accept all mail; there isn't a policy for servers not on the list.

Customizing SPF Records

If you're using another host to send an email for your domain, customize your SPF record by adding additional servers and IPs to the second part of the record. And if you want to make your record more strict to defend the domain from email spoofing, adjust the policy for "all."

For example, if your domain only used the address 198.51.100.123 for outgoing mail and you want to make the sending policy as strict as possible, you could use this SPF record:

v=spf1 ip4:198.51.100.123 -all

This record authorizes sending mail from 198.51.100.123 only; no other servers are authorized.

For a more in-depth look at SPF syntax and mechanisms, see spf-record.com.

Add an SPF Record

SPF records are added to your Zone File as TXT records. Keep in mind that, by default, Bluehost adds an SPF record to your zone file for each domain, so if you want to add another record, it's best to delete the default one from inside your cPanel.

Note: The Advanced tab will load your cPanel. Legacy accounts will feature a horizontal navigation bar at the top of the screen, while Bluerock account users will see a vertical navigation menu on the left-hand side of the screen. To learn more, please see Bluerock vs. Legacy.

Access the DNS Zone Editor

The first step to managing your DNS records is to access the Zone Editor. The steps vary depending on what type of account you are using:

Bluerock

  1. Log in to your Bluehost control panel.
  2. Click the Domains tab from the side navigation menu to the left.
  3. Next to the domain name you wish to update, click the icon next to Manage, then choose DNS from the drop-down menu that appears.
    rock-bh-domains-tab1
  4. Select your domain name from the drop-down.
  5. If you're removing an existing SPF record, scroll down to the TXT record section to find it, and then click Delete.
  6. To add a new SPF record, enter this information under Add DNS Record at the top of the Zone Editor:
    • Name: Type your domain name (without the www)
    • TTL: 14400
    • Type: TXT
    • TXT Value: This is where you would paste in your new SPF record.
  7. Click Add Record.

Legacy

  1. Log in to your Bluehost control panel.
  2. Click the Domains tab from the navigation menu that stretches across the top of your screen.
  3. Click the Zone Editor from the sub-menu.
  4. Select the domain you're modifying from the drop-down box.
    rock-account-product
  5. If you're removing an existing SPF record, scroll down to the TXT record section to find it, and then click Delete.
  6. To add a new SPF record, enter this information under Add DNS Record at the top of the Zone Editor:
    • Name: Type your domain name (without the www)
    • TTL: 14400
    • Type: TXT
    • TXT Value: This is where you would paste in your new SPF record.
  7. Click Add Record.

You may also access your Zone Editor and DNS records directly using this link: 
https://my.Bluehost.com/cgi/app/#/domains/manage/exampledomain.com/dns 
Note: Don't forget to replace exampledomain.com with your actual domain name.

You're done!

For further assistance, you may contact our Chat Support or Phone Support via 888-401-4678. You may also refer to our Knowledge Base articles to help answer common questions and guide you through various setup, configuration, and troubleshooting steps.