Skip to main content
Dessky.org Dessky.org
  1. Tutorials/

How To Create a SPF Record For Your Domain with Google Apps

Tutorials DNS Email Security
Table of Contents
About SPF Record>

About SPF Record #

An SPF record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain. It is as easy to adding as MX or A records in your DNS zone.

Why It Is Important?>

Why It Is Important? #

Today, nearly all abusive e-mail messages carry fake sender addresses. Spammers send email from their mail servers but with your ‘domain’ as the sending email. The victims whose addresses are being abused often suffer from the consequences, because their reputation gets diminished and they have to disclaim liability for the abuse or waste their time sorting out misdirected bounce messages.
The purpose of an SPF record is to prevent spammers from sending messages with forged ‘From Addresses’ at your domain. Recipients can refer to the SPF record to determine whether a message purporting to be from your domain comes from an authorized mail server.

Setting SPF Record>

Setting SPF Record #

Before creating the SPF record for your domain, it is important to find out which server your domain is going to send emails. Perhaps you are planning to send email using Google Apps or from your own VPS. Consider all the mail server options available.
We will implement this with Google Apps for this tutorial. Here are the following instructions:
Login to your DigitalOcean account. Then open Networking and locate the DNS configuration. Open the desired domain configuration. Now, add a TXT type record.

Write @ at the Enter Name and at the Enter Text, add the following:

"v=spf1 include:_spf.google.com ~all"

Let’s explore this little more:

v=spf1
This sets the SPF version being used.
mx
The “mx” mechanism allows the domain’s MXers to send mail
include:_spf.google.com
The “include” mechanism includes Google mail servers in our list of authorized sending servers
~all
If mail is received from a server not previously listed, mark it as a ‘soft fail’ – this allows the mail to be scrutinized further.

At this point, your DNS configuration should look like this:

The “all” Mechanism>

The “all” Mechanism #

This mechanism always matches. It usually goes at the end of the SPF record.

Examples uses:>

Examples uses: #

“-all” : This means that any server not previously listed is not authorized – no questions asked.
“+all” : The domain owner thinks that SPF is useless and/or doesn’t care.

Create SPF Record for Your VPS>

Create SPF Record for Your VPS #

If you are using your own VPS to send email and not any other service like Google Apps, then you can create this as:

"v=spf1 mx -all"

This will allow domain’s MXes to send mail for the domain while prohibiting all others. Alternatively, you can input:

"v=spf1 -all"

This command prevents all host from sending mail.
Thats all, You have done it.
To understand it deeply can explore OpenSPF.
Article Submitted by: Keshav Pareek