Having an SPF record will help protect your domain against spoofing. It also helps prevent your outgoing messages from being marked as spam by receiving mail servers.
SPF Basics
SPF (Sender policy framework) is a spam protection method based on the authorization of the email sender. The SPF record is simply a TXT record added to the DNS settings of your domain that defines which mail servers are authorized to send emails.
You can only have one SPF record per domain. Having more will cause DNS conflicts, and the SPF records will not be resolved.
Note: The Hover platform has a 255-character limit. This means the SPF record will need to be shorter than 255 characters.
An SPF record consists of several parts. For example, here is the most widely used SPF record at Hover.
v=spf1 include:_spf.hostedemail.com ~all
SPF part | Relevance |
v=spf1 | Defines this as an SPF record. Required to be at the beginning of the value for each SPF record. |
a | Defines the DNS A record of the domain as a valid sending source. |
mx | Defines the DNS MX record of the domain as a valid sending source. |
-all | Specifies that all emails sent through a different server than those already listed as "ok" will return a code of “hard fail.” The email will not be delivered, and a bounce-back email will be generated. |
~all | If you want to allow an email sent through a different mail server to be delivered, you can force a “soft fail”. With the ~all in place, the email will be tagged as suspicious but will still be delivered to the recipient. |
Adding an SPF record
- Sign in to your Hover control panel using your chosen method of 2FA.
- From the domains Overview page, choose the DNS tab.
- Select Add a record.
- Select TXT from the Type dropdown menu, followed by the Hostname @.
The Content is the SPF record. Below is the most widely used SPF record at Hover.v=spf1 include:_spf.hostedemail.com ~all
- Click Add record to save the changes.
Removing an SPF record
There may be times you are required to remove an SPF record.
- From the domains Overview page, choose the DNS tab.
- Locate the SPF record and select the green X to the far right of the record.
- From the popup, select Delete.
SPF configuration examples
Desired outcome | Example |
Specify a single IPv4 address that can send emails |
v=spf1 ip4:204.200.197.197 -all This would allow mail to be sent from a mail server at the IP address 204.200.197.197 only. Mail sent from mail servers on any other IP address would not be delivered, and the sender would receive a bounceback. |
Specify a range of IPv4 addresses that can send emails |
v=spf1 ip4:192.168.0.1/16 -all Allows mail to be sent from any IP address between 192.168.0.1 and 192.168.255.255. |
Specify a mail server that can send |
v=spf1 mx:mx1.domain.com -all Would allow mail to be sent from a mail server named mx1.domain.com. Mail from any other mail server would not be delivered, and the sender would receive a bounce message. |
Specify multiple items in one SPF record |
v=spf1 a mx ip4:204.200.197.197 mx:mx1.domain.com -all Allows an IP address and a mail server to send out emails. |
Make domain unable to send any emails |
v=spf1 -all All emails will be bounced back to the sender. |
Specify a single IPv6 address that can send |
v=spf1 ip6:1080::8:800:200C:417A -all Would allow mail to be sent from a mail server at the IP address 1080::8:800:200C:417A only. |
Specify a range of IPv6 addresses that can send |
v=spf1 ip6:1080::8:800:200C:417A/96 -all Allows mail to be sent from any IPv6 address between 1080::8:800:0000:0000 and 1080::8:800:FFFF:FFFF. |
Specify another domain that can send email from the domain |
v=spf1 include:anotherdomain.com -all Allows mail to be sent from another specific domain on behalf of the domain, for example, anotherdomain.com, which has this SPF record in its DNS records. |
Was this article helpful? If not please submit a request here