This is a special DNS record. It contains a list of IP addresses authorized to send email messages on behalf of the sending domain.
By configuring the SPF record and specifying all your IP addresses in it, email providers (Gmail/Yahoo/etc.) understand that the incoming email is genuinely sent on behalf of your company's domain.
In doing so, a spammer won't be able to use your domain for phishing. They would need to explore other options.
The SPF record has a TXT format. Here's an example of a configured SPF record for the domain example.com. It specifies the IP addresses from which emails can be sent on behalf of the example.com domain. Other IP addresses will fail the SPF check.
v=spf1 ip4:46.243.168.39 ip4:217.66.145.1 ip4:217.66.145.2 ip4:213.87.72.33 ip4:213.87.75.66 ip4:212.248.112.197 ip4:81.176.66.43 ip4:217.74.241.47 ip4:213.87.44.5 ip4:213.87.44.6 ip4:213.87.71.65 mx -allAdditionally, the SPF record of one domain can include a reference to the record of another domain. To do this, the record includes the modifier "include:". When reading the SPF record of the sending domain, a request is made to the record of the domain specified in the "include" modifier. The IP addresses of this record will be considered during the check.
See an example of an SPF record for the domain example.com with the "include" modifier:
v=spf1 ip4:176.9.155.239 ip4:192.95.30.151 ip4:94.231.116.76 ip4:94.231.116.77 ip4:94.231.116.78 ip4:94.231.116.69 ip4:78.47.65.243 include:spf-es.com +mx ~allWith such a record, sending emails on behalf of the domain example.com is allowed from the IP addresses described above, plus the IP addresses specified in the SPF record of the domain spf-es.com.
Identify from which IP addresses the email communication on behalf of your domain will originate. Consider not only bulk mailings but also private correspondence from corporate email (if it shares the same domain). Failing to account for all scenarios may result in communication issues with subscribers or colleagues.
Next, formulate the SPF record according to the protocol syntax.
The SPF record is created. It needs to be added to the TXT record of the domain. Essentially, you need to add a new DNS record of TXT type.
Within 6 to 12 hours, the SPF record's value will be updated and become accessible to all DNS servers.
Verify the correctness of the configuration using specialized services for SPF checking or any of the services for viewing DNS records, for example, www.dnswatch.info.
To do this, after navigating to the website, enter the domain you want to check and select the TXT record type.
Click the Resolve button, and you will see a list of all TXT records. The SPF record starts with "v=spf1" and should contain all the necessary IP addresses.
The presence of an SPF record is a mandatory requirement for most email providers.
If the record is not found, there is a high likelihood that the email will be routed to the "Spam" folder. The same will occur if an SPF record exists, but the IP address from which the email is sent is not present in the allowed list.
Therefore, it is crucial to correctly configure the SPF record for conducting mass mailings.