- Identify Email Senders
Identify all sources that send emails on behalf of your domain, including:
This includes dedicated IP addresses and third party email service providers that you use for sending emails on behalf of your domain.Example SPF record:
v=spf1 ip4:192.168.1.1 include:spf.google.com ~all
2. Create the SPF Record
SPF Version: Start with v=spf1, which signifies it’s an SPF record. This will always be v=spf1 since other versions are no longer supported.
- Authorized IPs: Add the IP addresses that are allowed to send emails on behalf of your domain.Example: v=spf1 ip4:60.103.100.201 ip6:1001:db8:85a3:8d3:1319:8a2e:370:5647
- Third-party Sources: Use the ” include” tag to list any third parties that send emails on your behalf.
Example: v=spf1 ip4:60.103.100.201 ip6:1001:db8:85a3:8d3:1319:8a2e:370:5647 include:spf.google.com - End with “all”: The all tag specifies how strict the policy is when an unauthorized server tries to send an email.
-
-
- -all: Fail emails from unauthorized servers are rejected.
- ~all: Soft fail, emails are accepted but marked (recommended).
- +all: Accept all (not recommended).
- ?all: Neutral, no policy is applied to unauthorized senders, and the receiving server is free to make its own decision (not recommended).
-
Example: v=spf1 ip4:60.103.100.201 ip6:1001:db8:85a3:8d3:1319:8a2e:370:5647 include:spf.google.com ~all
For Inactive or Parked Domains
For domains that don’t send email, it’s recommended to create an SPF record that prevents misuse:
v=spf1 -all
For verification, you can use our free SPF Record Checker tool to check your SPF records and make sure that the record are valid and have no issues.
