The basics of SPF records
What are SPF records, and how can you use them to benefit your email program?
What do you think of when you think of the term SPF? If you’re new to email, it probably makes you think of sunblock (it’s June, so we should probably put some on). But, as it turns out, there’s another type of SPF protection that’s a little more relevant to the email industry: SPF records.
No, this doesn’t refer to how long you can wait before you have to reapply your sunblock (seriously, go get some). Instead, the term “SPF” refers to a security measure that helps keep your sender ID and domain safe.
Ready? Let’s dive in.
Table of content
Verify your domain
Common DNS Provider Documentation
What is an SPF record?
SPF, or Sender Policy Framework, is an email authentication protocol that enables the administrators of a domain to specify which hosts are allowed to send email from that domain by creating a particular SPF record. In combination with other email authentication protocols like DKIM or DMARC, SPF helps protect your email sending from spoofing attempts.
Simply put, SPF records keep track of all the authorized sources that can send email messages from a particular domain name. This ensures that an unauthorized address does not have the power to gain access to your domain and send an email under your identity. If SPF records didn’t exist, others who have access to or who try phishing or “spoofing” (pretending to send from) your domain name could send emails as you and cause negative damage to your business and reputation.
SPF records are a relatively recent invention, as they were developed in the early 2000s—probably while you were listening to Britney Spears on TRL or watching the newest Harry Potter movie. However, they’ve become widely used in a relatively short period of time thanks to their benefits and ease of use.
Why should you use SPF authentication?Now that we’ve all moved on from clunky 2000s technology (goodbye, beepers) and begun to use email regularly, most people have become increasingly interested in different types of email security measures. Email security is the main purpose—and benefit—of SPF authentication.
SPF records add an extra layer of security to your sending domain by authenticating the IP addresses associated with it. By doing this, they help safeguard your reputation from those who would use your domain to act maliciously. You can spend less time worrying about your security and damage to your credibility, and more time using your domain and messages to strengthen your email program and further your business goals.
SPF records are also pretty easy to use, which is another bonus—but we’ll get to that later. Let’s do a quick rundown of how SPF addresses function.
How do SPF records work?
The process by which an SPF record works through SMTP is pretty simple. When a message is sent, the sending mail server (you) makes a connection with the receiving mail server (your recipient, if that wasn’t obvious). Your recipient’s server can see your IP address, and the two servers exchange relevant information before your server sends your SMTP mail.
Your recipient’s email server can then use an SPF record for your message’s sending domain or hostname to confirm that the IP address it viewed previously is authorized to send mail for said domain. If the address is authorized, the recipient’s server accepts the message and completes the email delivery. If the address is NOT authorized, the recipient’s server will not accept the message, and the email will not be delivered. It’s fairly easy, as far as email processes are concerned. This is good, because it means you can easily understand the concept when you implement SPF records and create an SPF policy with your favorite email service.
How to set up SPF records with Mailgun
Use the below tutorial to see how to set up SPF records with Mailgun.
Verify your domain
Add a domain you own and verify it by setting up the DNS TXT record we provide (this is the SPF record) at your DNS provider. An example is below.
Add your domain or subdomain in the Domains tab of the Mailgun control panel.
2. Open your DNS provider and add the SPF TXT record provided (shown in the first line below where the value begins with “v=.” The second TXT record type is a DKIM record). This record can be found in the Domain Verification & DNS section of the domain settings page of the Mailgun control panel.
3. If you want Mailgun to track clicks and opens you can also add the CNAME record.
4. MX records should also be added, unless you already have MX records for your domain pointed at another email service provider (e.g. Gmail).
Once you’ve added the records and they’ve propagated, your domain will be verified. Note: it can take 24-48 hours for DNS changes to be verified.
Common DNS Provider Documentation
Common providers are listed below. If yours is not listed, contact your DNS provider for assistance:
NameCheap: All Records
Rackspace Email & Apps: All Records
Rackspace Cloud DNS: Developer Guide
Amazon Route 53: Developer Guide
Now you’re all set! With Mailgun, you can use your SPF records to stay safe and secure. You can find all other necessary (or curiosity-fueled!) information in our documentation.
It’s pretty obvious by now that bad email security is as dated as the Y2K panic. SPF records help provide better email security by verifying the IP addresses that can send from your domain, and ensuring that your sender ID reputation is protected from unauthorized use from spammers and spoofing attempts. By using them, you can spend less time worrying about your rep and more time worrying about, you know, your emails.
When in doubt, it’s always a good idea to make sure you're secure. So, whether it comes to (sun) SPF or (email) SPF, try it out and see how it can help you handle the heat.