System StatusPortal Login

Create an SPF TXT record

Suggest Edits

Email spammers commonly forge the sender address in an email. They send
email from their own mail servers, but with your domain as the
sending email. The Sender Policy Framework (SPF)
attempts to control forged email by giving domain owners a way to specify
which email sources are legitimate for their domains and which ones aren't.
For detailed information about SPF, see the
Sender Policy Framework Project Overview.

You can add an SPF record to your Domain Name System (DNS) zone as a text
(TXT) record. The SPF record is associated with your domain and specifies
which mail server or servers the domain uses to send email.

Considerations for setting the SPF

To correctly set the SPF for your domain, answer the following
questions:

  • From what server or servers will email from the domain originate?

    If you're sending email from your workstation by using your internet service
    provider's (ISP) mail servers, you might want to consider their servers. You
    must take all possible (legitimate) sending servers into account.

  • How do you want illegitimate email to be handled?

    Do you want it to be rejected outright, or do you want the message to be
    classified as a soft fail, meaning that the email will be subjected to
    further scrutiny.

Create an SPF rule

The example in this section assumes that you have the following considerations
for your email on a specific domain:

  • The authorized servers are your cloud server (that is, the incoming mail
    exchange (MX) details also send mail).
  • No other servers are authorized.

In this situation, you would create the following rule and add it to a TXT
record:

v=spf1 mx include:\_spf.example.com -all

The following list shows how each part of the record is defined:

  • v=spf1: Sets the SPF version that is used.

  • mx: Allows the domain's MX details to send email.

  • include:_spf.example.com: Includes example mail servers as
    authorized servers.

  • -all: Indicates that servers that are not listed previously are
    not authorized to send email. If an unauthorized server does send
    email, action is taken according to the receiving mail server's own
    policy. For example, the email is deleted or marked as spam.

About the all setting

The all setting is an important aspect of the record and has the
following basic markers:

  • -all: Any server that is not previously listed is not authorized to
    send email.

  • ~all: If mail is received from a server that is not previously
    listed, it is marked as a soft fail, which allows the email to be
    scrutinized further.

  • +all: Allows any server to send email from your domain.

    Note: This last option should never be used.

Add an SPF TXT record

To add an SPF TXT record by using the Cloud Control Panel, use the following
steps:

  1. Log in to the Cloud Control Panel.

  2. In the top navigation bar, click Select a Product > Rackspace Cloud.

  3. Select Networking > Cloud DNS.

  4. Click the action gear next to the name of the domain that you want
    to modify, and select Add DNS Record.

  5. Select TXT Record for the record type.

  6. Enter the rule in the Text area. For example, enter
    v=spf1 mx -all to indicate that all email is sent from this server
    and no other mail servers are authorized.

  7. Specify the Time to Live (TTL).

  8. Click Add Record.

Related resources

For more information, see the following resources:

Updated 5 months ago