
SPF for Email - What It Is, Why It Matters and How to Set It Up

Noel
LAST UPDATED
April 16, 2024

SPF is an email authentication method that can boost your open rates.

The security layer SPF adds to your emails makes you a more trustworthy sender in the eyes of internet service providers.

With ISPs having more faith in your emails' authenticity, they will improve your inbox placement, leading to a higher ROI on your email outreach.

SPF Overview

In an ideal world, no email authentication would be necessary. Everybody would only send from domains they’re authorized to send from, and no fraudulent emails would float around cyberspace.

Unfortunately, criminals like to spoof emails, which makes it seem as though an email is coming from a trusted domain when it’s really being sent by criminals.

Criminals use email spoofing for malicious purposes such as phishing, spreading malware, and committing other cybercrimes.

SPF, which stands for Sender Policy Framework, ensures that only authorized email servers can send from a domain.

Domain owners can specify which servers can send through their domain in an SPF record.

If you're sending emails through an email service provider, you need to add their server to the SPF record.

➡️ We have an article that goes more in-depth on what SPF is.

SPF Records 📝

An SPF record is a DNS record you can add to your domain’s DNS settings.

It’s a simple line of text.

Here’s an example. ⬇️

v=spf1 include:someemailsender.com -all

This tells email servers that the sending server 'someemailsender.com' can send emails from the domain where this SPF record is implemented.

Now, if an email comes in from this sending server and the receiving server checks for authentication, it’s a pass!

On the other hand, any other sending server would cause the authentication to fail since there’s only one server in the SPF record.

You can add multiple servers to your record, but you cannot have multiple SPF records.

➡️ For more info on SPF, visit the page that answers the question: How does SPF Work?

Why You Need SPF ⚠️

Just like some other email authentication methods, you need SPF if you’re doing email outreach.

You simply cannot afford to do outreach without it.

The lower open rates would put an unforgivable dent in your ROI.

But it’s not just about staying out of the spam folder; your emails will also be more secure.

In other words, you help make the internet a safer place.

How to Set up an SPF Record 🧑‍💻

Once you understand how SPF works, setting up a record becomes easy.

You have to add the record to your domain’s DNS records.

To help you do it quickly, we’ve set up a page that tells you everything you need to know to set up an SPF record.

It includes tutorials on how to set up SPF on popular domain and email providers.

SPF History Class 🏫

The idea of SPF has been around since 1997, when Jim Miller suggested a way to authenticate emails.

More ideas and drafts surfaced in the early 2000s.

SPF’s first version was published in 2002, but its first public version came about a year later.

SPF’s big breakthrough came when Microsoft and Hotmail started supporting it in 2007.

Today, SPF plays an important role in email security measures.

SPF FAQ  ⁉️

Common SPF Record Questions

1. Do I need to set up SPF records for Gmail, Outlook, etc.?

No, you only need to set up your SPF records if you're using a custom domain to send emails.

When you send an email from an address like 'yourname@gmail.com', the email goes through Google's infrastructure, and they handle the SPF, DKIM, and DMARC mechanisms for you. The same goes for Outlook and many other major email providers.

2. Are SPF records still used?

Yes, SPF records are still a widely used mechanism to help prevent spam and spoofing. However, SPF is not the only way to authenticate email. We highly recommend that you implement all essential methods to maximize your email deliverability.

3. Are SPF records different for my IP address, domain, and email address?

Yes, the SPF (Sender Policy Framework) setup can differ depending on whether you define it for an email address, domain, or IP address. Overall, SPF is mainly used to prevent email spoofing.

Here is a breakdown of the differences between SPF records:

1. Domain:

During the DNS lookup, SPF is inherently tied to the domain. An SPF record is a DNS TXT record that defines which servers or IP addresses are allowed to send emails on behalf of a domain. For example, if your domain is example.com and you send emails through a mail server with the IP address 192.0.2.0, your SPF record might look like this:

v=spf1 ip4:192.0.2.0 -all

What does this mean?

→  This says that the IP 192.0.2.0 is allowed to send emails for example.com, and all other servers are not allowed (-all).

2.  IP Address:

You can specifically allow or deny particular IP addresses or ranges within an SPF record.

Here are some examples:

→ ip4:192.0.2.0 allows the IP 192.0.2.0.
→ ip4:192.0.2.0/24 allows the range of IPs from 192.0.2.0 to 192.0.2.255.

3. Email Address:

SPF doesn't specify permissions for individual email addresses. When an email is sent, the receiver's email server will check the SPF record of the sender's domain. It will check if the sending server IP is authorized.

For example, if an email is sent from john@example.com, the SPF record of example.com will be checked.

4. What are the mechanisms & qualifiers of SPF?

SPF allows for several mechanisms and qualifiers to fine-tune the policy:

Types of Mechanism:

  • a: Matches if the domain has an address record (A or AAAA) that can be resolved to the sender's address.
  • mx: Matches if the domain has an MX record resolving to the sender's address.
  • ptr: Matches if the domain name, as a result of a PTR query, resolves to the domain name of the sending SMTP.
  • include: This mechanism allows you to include the SPF records from another domain.
  • exists: Tests the existence of a domain name.

Qualifiers:

  • +: Pass (this is the default qualifier if none is specified).
  • -: Fail (the mail should be rejected).
  • ~: SoftFail (the mail is accepted but may be marked).
  • ?: Neutral (similar to no policy).

Setting up SPF correctly is crucial to ensuring the deliverability of your emails and preventing others from spoofing your domain. Always make sure to test your SPF records after setting them up.
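The following is an added example, not code from the original article: a small offline evaluator showing how a receiving server walks a record term by term, applies the qualifier of the first mechanism that matches, and treats two SPF records on one domain as an error. `SAMPLE_TXT` and `check_spf` are hypothetical names, the records are constructed, and only ip4, ip6, include and all are modelled because a, mx, ptr and exists need live DNS.

```python
import ipaddress

# Constructed stand-in for DNS: domain -> TXT strings (not real published records).
SAMPLE_TXT = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 include:someemailsender.com -all"],
    "someemailsender.com": ["v=spf1 ip4:198.51.100.7 ~all"],
    "broken.example": ["v=spf1 ip4:192.0.2.1 -all", "v=spf1 ip4:192.0.2.2 -all"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_ip, domain, txt=SAMPLE_TXT, depth=0):
    """Evaluate terms left to right; the first matching mechanism decides."""
    records = [r for r in txt.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"  # the domain publishes no SPF policy
    if len(records) > 1 or depth > 10:
        return "permerror"  # more than one SPF record, or runaway includes
    ip = ipaddress.ip_address(sender_ip)
    for term in records[0].split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "include":
            inner = check_spf(sender_ip, value, txt, depth + 1)
            if inner in ("none", "permerror", "unsupported"):
                return "permerror" if inner != "unsupported" else inner
            matched = inner == "pass"  # only an inner pass counts as a match
        else:
            return "unsupported"  # a, mx, ptr, exists, modifiers: not modelled
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term
```

Note that the included domain's ~all does not leak into the outer result: an unlisted IP is a non-match for include, so evaluation continues to the outer -all.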

5. What does SPF record -all mean?

The SPF record tells receiving mail servers how to handle mail from the domain that doesn't come from specific servers.

Here's what the parts mean:

  • v=spf1: This is the version of SPF being used.
  • -all: This means that any server not listed in the SPF record is not authorized to send mail for the domain. Mail from unauthorized servers will be treated as spam or might be rejected.

For example:

v=spf1 ip4:192.0.2.0 -all

This record says that only the IP address 192.0.2.0 is authorized to send mail for the domain. Any other IP address sending mail on behalf of the domain should be treated as spam.

Using -all is a strong statement in your SPF record. It's recommended for organizations that want to make sure only their specific servers send email for them and want to prevent email scams using their domain.

What Other Technical Settings Do I Need to Complete? ✅

If you've just set up your SPF records, congrats on the first step! To keep your emails out of spam and ensure they reach your audience's inboxes, there are four other technical settings to complete:

  • DKIM (DomainKeys Identified Mail): This guarantees that your emails are not changed after they are sent.
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance): This helps protect your domain from attacks, phishing emails, etc.
  • MX Records: This helps providers know what servers accept emails for your domain. Without it, you won’t be able to receive emails.
  • Custom Tracking Domain: This allows you to safely track open and click rates in your emails without using your ESP’s custom tracking domain, which most of their customers use. ESP’s custom tracking domains usually have a bad reputation, negatively affecting deliverability. Use your own instead!

Once you've completed your setup, use this free Deliverability Tester to ensure all settings are in place!
