Black Friday Deals Not Found Anywhere Else! Save up to 55% OFF Hosting, Domains, Pro Services, and more.
Vodien Black Friday Sale applies to new purchase on select products and plans until 4 December 2024. Cannot be used in conjunction with other discounts, offers, or promotions.
Email Hosting vs. Collaboration Suites: Choosing the Right Setup for Singapore SMEs

Step-by-Step SPF Record Configuration for Email Security

An SPF (Sender Policy Framework) record is a DNS text record that specifies which mail servers are authorised to send emails on behalf of a domain. By validating incoming messages, it helps prevent email spoofing, phishing, and unauthorised sending. SPF record configuration ensures that legitimate emails reach recipients’ inboxes, enhances domain credibility, and works alongside DMARC and DKIM for robust email authentication.

Email remains the primary means of communication in today’s era. However, it is also one of the channels most susceptible to cyberattacks, such as spoofing, phishing, and unauthorised email sending.

Organisations use authentication methods like SPF to prevent and combat such issues. SPF record configuration is a crucial yet straightforward email security mechanism for every business domain.

This guide explains what SPF is, why it matters, and provides a step-by-step process to configure an SPF record for your domain. Let’s get started!

SPF Record: A Brief

Phishing uses spoofed emails to deceive victims into accessing fraudulent websites, thereby compromising sensitive customer information. 

  • 38 million attacks were recorded worldwide in 2024.
  • 80-95% of cyberattacks begin with phishing, and such attacks have increased by 4,151% since 2022.

An SPF record is a Domain Name System (DNS) text record containing mail servers authorised to send mail on your behalf. It helps receiving email servers verify that incoming mail actually originates from your domain. 

An SPF record

  • Avoids Email Spoofing
  • Sends your authentic emails to inboxes, not spam.
  • Builds credibility with email providers 
  • Works together with DMARC and DKIM email authentication tools. 

Structure of an SPF Record

SPF records must follow a specific structure so the server can interpret their content. Given below is an example of an SPF record and its components. 

v=spf1 ip4:152.1.1.1 ip4:171.1.0.1 include:examplesender.email -all

    v=spf1SPF version indicator
Guest List or the approved list of IP addressesip4 / ip6In this example -152.1.1.1 and 171.1.0.1 Authorised server IP addresses
include:Instructs the server what third parties are allowed to send mail for the domain. (in this example, it’s examplesender.email). The tag tells the server to query the SPF record for the included domain and treat its IP addresses as approved.Multiple domains may be included in an SPF record, but this tag will only work with valid domains.
~all (soft fail)-all (hard fail)+all States that unlisted emails will be treated as insecure or spam, but will still be accepted.Tells the server that unlisted addresses may not send email and should be rejected.States that any server can send emails on behalf of your domain.

SPF Record Configuration-Steps to Follow

Follow these steps for SPF Record Configuration. 

Step 1: Identify All Email Sources

Start by identifying all mail servers and IP addresses your organisation uses to send emails on behalf of your company. This list may include:

  • Internal mail servers
  • Web-based servers
  • Newsletter tools 
  • Transactional email services 
  • Your end users’ email servers
  • Authorised third-party mail servers
Pro Tip: Businesses should create email SPF records for all their domains to reduce spoofing.

Step 2: Access your DNS Management Panel 

  • Your DNS panel is where you manage your SPF records. Log in to your domain host to add an SPF record. 
  • Go to:
    DNS Settings → Manage DNS → Add New Record
  • SPF records are stored as TXT records in DNS. A TXT record is a type of DNS entry that holds text information for a domain.When adding a new TXT record:
TypeTXT
Host/Name@ or your full domain name 
ValueYour SPF string determines which mail servers are authorised to send emails on behalf of your domain.

Step 3: Create an SPF Record

Using your mailing sources you have collected, build the SPF string. Here are some examples of how they might look. 

1. Single Email Service (for Google Workspace)

v=spf1 include:_spf.google.com ~all

  • Authorises Google’s servers to send emails for your domain.
  • ~all = emails from unauthorised servers are marked but not rejected.

2. Multiple Email Services

v=spf1 ip4:100.118.1.1 include:_spf.google.com include:mailchimp.com -all

  • Authorises a specific server with the mentioned IP address, Google and Mailchimp servers
  • -all = emails from other sources are rejected
  • You can create a SPF record using the IPv6 mechanism or multiple third-party services

3. Single IP Address

v=spf1 ip4:103.1.213.9 -all

  • Only the server at this specific IP address can send mail

Step 4: Save and Publish the SPF Record

  • Click on Save or Apply. 
  •  Publish your new SPF record to DNS with the help of your DNS server administrator.

Step 5: Test your SPF Record

It is important to test that the SPF record is functioning properly. Use these online tools to check your records. 

Pro Tip: Use DMARC reports to monitor SPF performance. It will help you identify unauthorized senders, ensure proper email delivery, and maintain your domain’s email reputation.

Email SPF Records- Common Mistakes 

Here are the most common mistakes that you can encounter when setting up SPF records.

  • A long string of 255+ characters will result in an out-of-space error message. 
  • A PermError occurs when an SPF record contains more than 10 mechanisms that initiate a DNS lookup.
  • There is only one SPF record for every SPF version in a given domain.
  • Typos and improper syntax result in an invalid SPF record.

Ensure Domain Protection with SPF Record Configuration 

SPF record configuration is one of the most effective measures to protect your domain against phishing and email spoofing. By clearly indicating who is authorised to send emails from your domain, you reduce the risk of cyberattacks and improve email deliverability.

With Vodien’s reliable domain and hosting services, adding and managing SPF records is seamless while keeping your emails secure and your business communication professional.

Sign up to take control of your email security today!