How to Manage SPF Records for Email Security
Leveraging SPF (Sender Policy Framework) records is essential to enhance email security. Properly configured records help prevent your emails from being delivered to the spam folder and protect your domain against email spoofing. In this article, we will tackle what SPF records are and how to manage SPF records in your DNS settings.
Please click the navigational tabs below to learn more about how to manage SPF records in your account.
What is an SPF Record?
SPF (Sender Policy Framework) records, a type of TXT (Text) record within DNS management, are critical in preventing unauthorized individuals from forging the From field in your emails. By setting up an SPF record, a domain owner can define a list of domains and IP addresses that are authorized to send emails on behalf of their domain, effectively safeguarding against email spoofing. This verification ensures that the emails are legitimately from you.
Much like a guest list at an exclusive event, SPF records control access to your email domain's reputation. When an email is sent, the recipient's server acts like a security guard, checking if the sender's domain or IP address is on the SPF guest list. If it's not, the server will either reject the message outright or flag it as suspicious. This mechanism ensures that only approved senders can represent your domain.
What Do SPF Records Look Like?
SPF records have required standards. This is how different mail servers can interpret the contents. Below are three examples of different SPF records.
v=spf1 include:spf.cloudus.oxcs.net ~all
v=spf1 ip4: 216.21.224.0/24 include:_spf.google.com include:domain.ext ~all
v=spf1 include:spf.registeredsite.com include:spf.cloudus.oxcs.net -all
Let’s use the table below to break down each aspect of the contents and see what each one means.
| Mechanism | Meaning |
|---|---|
| v=spf1 | The server knows this is an SPF record. All SPF records must start with this. |
| ip4: | An IPv4 address or range of addresses authorized to send for the domain. |
| ip6: | An IPv6 address or range of addresses authorized to send for the domain. |
| a:example.com | The mail servers on example.com are authorized to send for the domain. |
| mx:mail.example.com | This MX record is authorized to send messages from the domain. |
| include:spf.example.com | Third parties (like your email provider) are authorized to send for the domain. |
| ~all or -all | ~all (softfail) Recommends marking non-compliant messages as suspicious. -all (hardfail) Recommends rejecting non-compliant messages. |
How to Update an SPF Record
- Only one SPF record is allowed per domain.
- SPF record changes may take 24-48 hours to propagate.
- If you have a Contact Form, update your existing SPF record to:
v=spf1 include:spf.registeredsite.com include:spf.cloudus.oxcs.net ~all
Below are the quick steps to manage SPF records in your Account Manager.
- Log in to your account via https://www.networksolutions.com/my-account/login.
- Select Domains on the left.
- Select the domain you want to change, then click the SETTINGS button of the respective domain you have chosen.
- Go to the Advanced Tools section.
- Click Manage next to Advanced DNS Records.
- On the new page, either click +Add Record to add or the pencil icon to edit.
- Select Refers to from the drop-down menu.
- Enter the TXT Value.
- Enter the TTL (default is 7200).
- Click Add or Edit.
Review
SPF records are essential for email security. They specify which servers can send email from your domain, preventing spoofing and improving email deliverability. To properly manage SPF records, you need to add the correct TXT value based on your email platform. By following this guide, you can take a proactive step to protect your brand reputation and ensure the trust of your recipients.