How to set up your SPF Records

Email deliverability is crucial for any sender reaching out to leads, customers and audiences via email. However, technical aspects need to be addressed to ensure your emails reach their intended recipients. One of these crucial technical aspects is setting up SPF records.

In this article, you'll find:

What an SPF record is and why it's important

Who needs to set up their SPF record

How to set up your SPF record for:

   Google

   Microsoft

   Zoho Mail

   All other providers

Common questions on SPF Records

What is an SPF record?

An SPF record ('Sender Policy Framework') is a special type of DNS record that tells email providers which servers are allowed to send emails on behalf of your domain. Doing this reduces the risk of spammers using your domain to send harmful emails. This mechanism also verifies the authenticity of your emails, which boosts your emails’ chances of getting delivered.

Why do you need to set up your SPF?

You need to set up your SPF to:

  1. Prevent email spoofing: An SPF record can stop unauthorized hosts from sending emails pretending to be from your domain. If you don't have an SPF record, it's easier for bad actors to fake your domain name in phishing or spam emails.
  2. Get your emails delivered: Emails sent from domains without SPF records set up have a higher chance of being marked as spam or not being delivered at all. Creating an SPF record ensures that your emails are successfully delivered to your audience.
  3. Keep a high sender reputation: Even when you aren't sending emails, having an SPF record can help keep your sender reputation safe by protecting it from being marked as spam.

Who needs to set up their SPF record?

You need to set up your SPF if you're a:

  1. Custom domain user: For high deliverability, you should send campaigns from a custom domain (e.g., user@yourbusiness.com). If you do, ensure to set up an SPF record to avoid spam and protect your sender reputation.
  2. Service provider or developers: Companies that host websites, provide email services, sell online, or create software should make sure their users' emails don't go to spam by setting up their SPF or ensuring users do it themselves. 
  3. Managed and enterprise solutions: Companies that use managed email systems, enterprise CRMs, or other professional platforms to send emails from custom domains should use SPF to make sure that emails are authentic and can be delivered.

How to set up your SPF record on Google?

Step 1: Sign in to your domain provider

Step 2: Navigate to the page to edit your domain’s DNS records

It can sometimes be called “DNS Management”, “Name Server Management”, or “Advanced Settings”.

Step 3: Check your current setup

Check that you don’t already have an SPF setup. An SPF record looks like this:

If your domain already has an SPF record, please check with your IT and/or provider to see where the problem comes from.
Only 1 SPF should be created per domain. Deleting an existing SPF can disconnect other tools that require it.

Step 4.a (if you have 2 or more tools that require SPF):

Add an SPF record for 2 tools. It should look like this:

Copy-paste the following text and replace “[tool-domain]” by the tool’s domain url:

TYPE
TXT
HOST NAME
@
VALUE
v=spf1 include:_spf. [tool-domain] include:_spf. [tool-domain] ~all

Step 4.b (if you have 1 tool that require SPF):

Add an SPF record for 1 tools. It should look like this:

Copy-paste the following text:

TYPE
TXT
HOST NAME
@
VALUE
v=spf1 include:_spf.google.com ~all

Step 5: Check that your new setup works

You can test your technical setup here. Also make sure to use a warm-up and deliverability booster like lemwarm to monitor your deliverability. It will also alert you in case of any deliverability issues.

How to set up your SPF record on Microsoft?

Step 1: Sign in to your domain provider

Step 2: Navigate to the page to edit your domain’s DNS records

It can sometimes be called “DNS Management”, “Name Server Management”, or “Advanced Settings”.

Step 3: Check your current setup

Check that you don’t already have an SPF setup. An SPF record looks like this:

If your domain already has an SPF record, please check with your IT and/or provider to see where the problem comes from.
Only 1 SPF should be created per domain. Deleting an existing SPF can disconnect other tools that require it.

Step 4.a (if you have 2 or more tools that require SPF):

Add an SPF record for 2 tools. It should look like this:

Copy-paste the following text and replace “[tool-domain]” by the tool’s domain url:

TYPE
TXT
HOST NAME
@
VALUE
v=spf1 include:_spf.[tool-domain] include:_spf.[tool-domain] ~all

Step 4.b (if you have 1 tool that require SPF):

Add an SPF record for 1 tools. It should look like this:

Copy-paste the following text:

TYPE
TXT
HOST NAME
@
VALUE
v=spf1 include:_spf.google.com ~all

Step 5: Check that your new setup works

You can test your technical setup here. Also make sure to use a warm-up and deliverability booster like lemwarm to monitor your deliverability. It will also alert you in case of any deliverability issues.

How to set up your SPF record on Zoho mail?

Step 1: Sign in to your domain provider

Step 2: Navigate to the page to edit your domain’s DNS records

It can sometimes be called “DNS Management”, “Name Server Management”, or “Advanced Settings”.

Step 3: Check your current setup

Check that you don’t already have an SPF setup. An SPF record looks like this:

If your domain already has an SPF record, please check with your IT and/or provider to see where the problem comes from.
Only 1 SPF should be created per domain. Deleting an existing SPF can disconnect other tools that require it.

Step 4.a (if you have 2 or more tools that require SPF):

Add an SPF record for 2 tools. It should look like this:

Copy-paste the following text and replace “[tool-domain]” by the tool’s domain url:


TYPE
TXT
HOST NAME
@
VALUE
v=spf1 include:_spf.[tool-domain] include:_spf.[tool-domain] ~all

Step 4.b (if you have 1 tool that require SPF):

Add an SPF record for 1 tools. It should look like this:

Copy-paste the following text:

TYPE
TXT
HOST NAME
@
VALUE
v=spf1 include:_spf.zoho.com ~all

Step 5: Check that your new setup works

You can test your technical setup here. Also make sure to use a warm-up and deliverability booster like lemwarm to monitor your deliverability. It will also alert you in case of any deliverability issues.

How to set up your SPF record on other providers?

Step 1: Sign in to your domain provider

Step 2: Navigate to the page to edit your domain’s DNS records

It can sometimes be called “DNS Management”, “Name Server Management”, or “Advanced Settings”.

Step 3: Check your current setup

Check that you don’t already have an SPF setup. An SPF record looks like this:

If your domain already has an SPF record, please check with your IT and/or provider to see where the problem comes from.
Only 1 SPF should be created per domain. Deleting an existing SPF can disconnect other tools that require it.

Step 4.a (if you have 2 or more tools that require SPF):

Add an SPF record for 2 tools. It should look like this:

Copy-paste the following text and replace “[tool-domain]” by the tool’s domain url:

TYPE
TXT
HOST NAME
@
VALUE
v=spf1 include:_spf.[tool-domain] include:_spf.[tool-domain] ~all

Step 4.b (if you have 1 tool that require SPF):

Add an SPF record for 1 tools. It should look like this:

Copy-paste the following text:

TYPE
TXT
HOST NAME
@
VALUE
v=spf1 include:_spf.[email-provider].com ~all

Step 5: Check that your new setup works

You can test your technical setup here. Also make sure to use a warm-up and deliverability booster like lemwarm to monitor your deliverability. It will also alert you in case of any deliverability issues.

Common SPF Record questions

1. Do I need to set up SPF records for gmail, outlook, etc?

No, you only need to set up your SPF records if you're using a custom domain to send emails.

When you send an email from an address like 'yourname@gmail.com', the email goes through Google's infrastructure, and they handle the SPF, DKIM, and DMARC mechanism for you. The same goes for Outlook and many other major email providers.

2. How to add your SPF record in GoDaddy?

If you're using GoDaddy as your DNS provider, follow the specific instructions in this linked guide. Typically, you will log in to your GoDaddy account, navigate to the DNS management page, and add a new TXT record with your SPF details.

Here are some more guides for:

How to add your SPF records on Namecheap
How to add your SPF records on Cloudflare

3. Are SPF records still used?

Yes, SPF records are still a widely used mechanism to help prevent spam and spoofing. But SPF is not the only way to authenticate email. It's recommended to implement all essential methods to maximize your email deliverability.

4. Are SPF records different for my IP address, domain and email address?

Yes, the SPF (Sender Policy Framework) setup can differ depending on whether you're defining it for an email address, domain, or IP address. Overall, SPF is mainly used to prevent email spoofing.

Here is a breakdown of the difference between SPF records:

1. Domain:

During the DNS lookup, SPF is inherently tied to the domain. An SPF record is a DNS TXT record that defines which servers or IP addresses are allowed to send emails on behalf of a domain. For example, if your domain is example.com and you send emails through a mail server with the IP address 192.0.2.0, your SPF record might look like:


v=spf1 ip4:192.0.2.0 -all

What does this mean?

→  This says that the IP 192.0.2.0 is allowed to send emails for example.com, and all other servers are not allowed (-all).

2.  IP Address:

Within an SPF record, you can specifically allow or deny particular IP addresses or ranges.

Here are some examples:

→ ip4:192.0.2.0 allows the IP 192.0.2.0.

→ ip4:192.0.2.0/24 allows the range of IPs from 192.0.2.0 to 192.0.2.255.

3. Email Address:

SPF doesn't specify permissions for individual email addresses. When an email is sent, the receiver's email server will check the SPF record of the sender's domain. It will check if the sending server IP is authorized.

For example, if an email is sent from john@example.com, the SPF record of example.com will be checked.

5. What are mechanisms & qualifiers in SPF?

SPF allows for several mechanism and qualifiers to fine-tune the policy:

Types of Mechanism:

  • a: Matches if the domain has an address record (A or AAAA) that can be resolved to the sender's address.
  • mx: Matches if the domain has an MX record resolving to the sender's address.
  • ptr: Matches if the domain name, as a result of a PTR query, resolves to the domain name of the sending SMTP.
  • include: This mechanism allows you to include the SPF records from another domain.
  • exists: Tests the existence of a domain name.

Qualifiers:

  • +: Pass (this is the default qualifier if none is specified).
  • ``: Fail (the mail should be rejected).
  • ~: SoftFail (the mail is accepted but may be marked).
  • ?: Neutral (similar to no policy).

Setting up SPF correctly is crucial to ensuring deliverability of your emails and preventing others from spoofing your domain. Always make sure to test your SPF records after setting them up.

6. What does spf record -all mean?

The SPF record tells receiving mail servers how to handle mail from the domain that doesn't come from specific servers.

Here's what the parts mean:

  • v=spf1: This is the version of SPF being used.
  • all: This means that any server not listed in the SPF record is not authorized to send mail for the domain. Mail from unauthorized servers will be treated as spam or might be rejected.


For example:

v=spf1 ip4:192.0.2.0 -all

This record says that only the IP address 192.0.2.0 is authorized to send mail for the domain. Any other IP address sending mail on behalf of the domain should be treated as spam.

Using -all is a strong statement in your SPF record. It's recommended for organizations that want to make sure only their specific servers send email for them and want to prevent email scams using their domain.

What other technical settings do I need to complete?

If you've just set up your SPF records, congrats on the first step! To keep your emails out of spam and ensure they reach your audience's inboxes, there are 4 other technical settings to complete:

  • DKIM (DomainKeys Identified Mail): This guarantees that your emails are not changed after they are sent.
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance): This helps protect your domain from attacks, phishing emails, etc.
  • MX Records: This helps providers know what servers accept emails for your domain. Without it, you won’t be able to receive emails.
  • Custom Tracking Domain: This allows you to track open and click rates in your emails safely.

Once you've completed your setup, use this free Deliverability Tester to ensure all settings are in place!

It takes 3 minutes to avoid spam forever

Discover how to apply these tips on lemwarm and avoid spam forever.