Creating an SPF record

Having an SPF record will help protect your domain against spoofing. It also helps prevent your outgoing messages from being marked as spam by receiving mail servers.

SPF Basics

SPF (Sender policy framework) is a spam protection method based on the authorization of the email sender. The SPF record is simply a TXT record added to the DNS settings of your domain that defines which mail servers are authorized to send emails. 

You can only have one SPF record per domain. Having more will cause DNS conflicts, and the SPF records will not be resolved.

Note: The Hover platform has a 255-character limit. This means the SPF record will need to be shorter than 255 characters.

An SPF record consists of several parts. For example, here is the most widely used SPF record at Hover.

v=spf1 include:_spf.hostedemail.com ~all
SPF part Relevance
v=spf1

Defines this as an SPF record. Required to be at the beginning of the value for each SPF record.

 a

Defines the DNS A record of the domain as a valid sending source.
Note: The above example does not include a mechanism.

 mx

Defines the DNS MX record of the domain as a valid sending source.
Note: The above example does not include an mx mechanism.

 -all

Specifies that all emails sent through a different server than those already listed as "ok" will return a code of “hard fail.” The email will not be delivered, and a bounce-back email will be generated.

~all

If you want to allow an email sent through a different mail server to be delivered, you can force a “soft fail”. With the ~all in place, the email will be tagged as suspicious but will still be delivered to the recipient.

Adding an SPF record

  1. Sign in to your Hover control panel using your chosen method of 2FA.
    CPlogin.jpg
  2. From the domains Overview page, choose the DNS tab.
    CPDNStab.jpg
  3. Select Add a record.
    CPAddRecord.jpg
  4. Select TXT from the Type dropdown menu, followed by the Hostname @.
    The Content is the SPF record. Below is the most widely used SPF record at Hover.
    v=spf1 include:_spf.hostedemail.com ~all
  5. Click Add record to save the changes.

Removing an SPF record

There may be times you are required to remove an SPF record. 

  1. From the domains Overview page, choose the DNS tab.
  2. Locate the SPF record and select the green X to the far right of the record.
    CPremoveSPFrecord.jpg
  3. From the popup, select Delete.CPDeleteSPFrecord.jpg

SPF configuration examples

Desired outcome Example
Specify a single IPv4 address that can send emails
v=spf1 ip4:204.200.197.197 -all

This would allow mail to be sent from a mail server at the IP address 204.200.197.197 only. 

Mail sent from mail servers on any other IP address would not be delivered, and the sender would receive a bounceback.

Specify a range of IPv4 addresses that can send emails
v=spf1 ip4:192.168.0.1/16 -all

Allows mail to be sent from any IP address between 192.168.0.1 and 192.168.255.255.

Specify a mail server that can send
v=spf1 mx:mx1.domain.com  -all

Would allow mail to be sent from a mail server named mx1.domain.com. Mail from any other mail server would not be delivered, and the sender would receive a bounce message.

Specify multiple items in one SPF record
v=spf1 a mx ip4:204.200.197.197 mx:mx1.domain.com  -all

Allows an IP address and a mail server to send out emails.

Make domain unable to send any emails
v=spf1 -all

All emails will be bounced back to the sender.

Specify a single IPv6 address that can send
v=spf1 ip6:1080::8:800:200C:417A -all

Would allow mail to be sent from a mail server at the IP address 1080::8:800:200C:417A only. 

Specify a range of IPv6 addresses that can send
v=spf1 ip6:1080::8:800:200C:417A/96 -all

Allows mail to be sent from any IPv6 address between 1080::8:800:0000:0000 and 1080::8:800:FFFF:FFFF.

Specify another domain that can send email from the domain
v=spf1 include:anotherdomain.com  -all

Allows mail to be sent from another specific domain on behalf of the domain, for example, anotherdomain.com, which has this SPF record in its DNS records.

Note: For this to work, anotherdomain.com must have a valid SPF record in its own DNS records.

Back to top

Was this article helpful? If not please submit a request here

How helpful was this article?