The purpose of SPF record is to set a restriction on what servers has the right to send e-mails of your domain. This record is being checked when the e-mails are being delivered to the recipient.
If you do not require any custom configuration for your SPF record, you can use default record:
“v=spf1 a mx ptr -all”
This record allows to send e-mails from server that is specified in A, MX and all of domain’s sub-domains. All other senders will be rejected from having the right to send e-mails in the name of your domain.
To add the SPF record in our DNS Manager service, use the following steps:
1. Open DNS Manager service in your client area: https://billing.time4vps.com/clientarea/
2. Select your domain from the list;
3. In the field “Add New Record” choose “TXT” and press “Add”;
4. Leave the field “Name” empty and in the field “Content” paste your SPF record;
5. Press “Submit”.
You will be redirected back to full list of your domain DNS zone records, where the added SPF record should be in the TXT Records table and should look like this:
v=spf1 a mx ptr -all
Custom record usage:
If you need for a custom SPF record, recommendation would be of using dedicated 3rd party tools, like:
If you want to create a custom record manually, the following rules has to be taken in mind. Generally the record is being created in such way:
“v=spf1 rule_on_who_can_send actions_if_rule_is_broken”
a – allow sending mail if the server is the domain’s “A” type record. In most cases it is the same server as the website is using.
mx – allow sending mail if the server is the domain’s “MX” type record. In most cases, this record is mandatory, since MX is related to receiving mail.
ptr – allow sending mail from sub-domain servers.
ip4:22.214.171.124 – additional specific IP address that has the right to send e-mails.
mx:some.domain.tld – additional domain, that can send e-mail in the name of your domain.
a:other.domain.tld – another server that can send e-mails in the name of your domain.
include:_some.domain.com – can be used to include records from other system.
- actions_if_rule_is_broken . Identifies what to do if e-mail was sent from the server that does not have the permission
?all – Neutral. E-mail will be delivered as if no SPF policy would be in action.
~all – SoftFail. Between Neutral and Fail. Typically such messages are being received, but tagged for various filters to check.
-all – Fail. Such e-mail will be rejected at any time.
Examples of such records can be seen bellow:
“v=spf1 a mx ptr ?all”
“v=spf1 a mx ptr ip4:126.96.36.199 ?all”
The last record shows a combination of your own record and additional record of spf.google.com that is used for G suite usage:
“v=spf1 a mx ptr ip4:188.8.131.52 include:_spf.google.com ~all”