Adding SPF records
|
DNS records added via the DNS Manager section of the Control Panel take effect only when the domain name uses the DNS service of your hosting account. |
General info
Sender Policy Framework (SPF) is a DNS-based system that allows domain administrators to list the servers that are allowed to send email for their domain. The main purpose of this system is to fight email forgeries on the Internet. A flaw in the SMTP protocol allows anyone on the Internet to use any email address/domain as a sender of the messages they send. This is very often exploited by spammers and virus-spreading botnets - they use real domains as senders to give credibility to their messages. If you add an SPF record for your domain, then all mail servers on the Internet that use SPF checks will know which mail server your messages should come from, and will block as spam messages that use your domain as a forged sender. Note that adding an SPF record in the DNS server for your domain is not generally meant to fight spam sent TO your domain - it is meant to instruct recipient mail servers which is the real sending server for your domain.
A commonly used SPF record is:
v=spf1 a mx ~all"v=" defines the version of SPF used. The "a" and "mx" strings specify the systems that are permitted to send messages for the domain. In this case, these would be the A and MX records of the domain - the servers that host the web and email services for the domain. The "~all" string at the end specifies that the mechanisms listed are all that should be used for matching. It also defines a SOFTFAIL policy.
Detailed information about SPF (Sender Policy Framework) is available at http://www.open-spf.org/.
Adding an SPF record through the SPF Protection tool
The DNS Manager section of the hosting Control Panel allows you to add an SPF record for your domain with a single click. Just use the Enable button under Mail Protection section.
This will automatically add the following SPF TXT record in the DNS records section:v=spf1 a mx include:SERVERNAME.smtp-spf.sureserver.com ~all
Replace SERVERNAME with the specific server name/number associated with your hosting account.
This is the first part of your server's full name. For example, if your server's full name is s433.sureserver.com
, use s433
. If it is server299.com
, use server299
.
The SPF record above lists the following servers as allowed senders for your domain:
- the server on which your hosting account is on,
- the current web server of your domain, in case your domain is not pointed to our web hosting service,
- the current email server of your domain, in case your email service is not pointed to our email server.
Removing the SPF protection by clicking the button Disable next to it would remove all existing SPF records for your domain.
IMPORTANT: When using the SPF protection tool, you should make sure that you are sending messages only through our server, and not through the SMTP server of your ISP or any other server that is not listed in the SPF record. Otherwise, your messages might be marked as spam. If you are sending messages through other mail servers as well, make sure these servers are added to the SPF record (see below for manually adding/editing an SPF record).
Adding an SPF record in the DNS Manager manually
The hosting Control Panel's DNS Manager section allows you to add an SPF record manually. To add an SPF record, you need to:
- Enter your Control Panel's DNS Manager section.
- Select the domain for which you wish to add an SPF record via the Show hostnames of drop-down menu from the Select a domain section.
If you wish to add an SPF record globally for your hosting account (for all domain names), select the All domains in this account option for the Apply changes to setting. More details about this feature are available in our Applying DNS changes to all domains on the account article.
- At the bottom of the page, you will see an Add a new record field. Select TXT from the Type drop-down menu.
- Enter the subdomain name in the Subdomain field for which you want the SPF record to be valid. If you need to add an SPF record for your main domain without the www prefix (example.com), you should leave the Subdomain field blank.
- As sometimes the IP address of your account (the A and MX record) may differ from the server IP address, we recommend that you add the following SPF record for our hosting environment:
v=spf1 a mx include:SERVERNAME.smtp-spf.sureserver.com ~all
Remember to replace SERVERNAME with the server name/number associated with your hosting account. This refers to the first part of the server's full name. For example, if the full name is "s433.sureserver.com"
, use s433
, so the SPF string would be "include:s433.smtp-spf.sureserver.com"
If the full name is "server299.com", use server299, so the string would be "include:server299.smtp-spf.sureserver.com".
The "include" mechanism in the SPF record will ensure that after any server IP changes, the SPF record will provide correct information about the servers allowed to send email for the particular domain.
Type your SPF record in the Text field, and click on the Submit button.
Using multiple SPF records
In some cases you may have to list multiple mail servers as allowed senders for your domain. For example, if you use the email service of an account on server s433, but your website also sends messages via Google, you will need to have the SPF records for both servers configured for your domain - the SPF record for server s433:
v=spf1 a mx include:s433.smtp-spf.sureserver.com ~all
and the SPF record for Google (as per their documentation):
v=spf1 include:_spf.google.com ~all
Since having two separate SPF records is considered a bad practice, you should combine the values of the two SPF records into a single SPF record. To do this, you need to combine the systems that are permitted to send messages for your domain (between the "v=spf1" and the "~all" parts of the SPF record value), so the combined SPF record would look like this:
v=spf1 a mx include:s433.smtp-spf.sureserver.com include:_spf.google.com ~all
which is essentially the following from the first SPF record:
a mx include:s433.smtp-spf.sureserver.com
and the following from the second SPF record:
include:_spf.google.com