
All About SPF Records and How to Manage Them


Introduction

Sender Policy Framework (SPF) is a framework designed to prevent email phishing and forgery. With SPF, if a spammer attempts to send email with a faked “From” address, the message will be rejected by mail servers that use SPF verification.

Understanding SPF records

An SPF record is a single TXT entry in the DNS for each domain. This TXT record contains information such as the mail server’s outgoing IP address, which can be used to verify the authenticity of the email messages that claim to come from the domain name in question. If the email message comes from an IP that is different from what is specified in the SPF record, it will be rejected.

There are a few types of SPF records:

| Statement | Result | Meaning |
|---|---|---|
| +all | pass | Allow all mail |
| -all | fail | Only allow mail that matches one of the parameters (IPv4, MX, etc) in the record |
| ~all | softfail | Allow mail whether or not it matches the parameters in the record |
| ?all | neutral | No policy statement |

What’s the difference between ~all and -all (Soft Fail and Hard Fail)

Hard fail – If the sending server is not on the allowed list, we want the receiving server to not accept the message at all.

Soft fail – If the sending server is not on the allowed list, the receiving server would usually accept the message but tag it as ‘suspicious’ and warn the recipient.

Managing SPF Records in cPanel

By default, cPanel creates SPF records when an account or domain is added. When a migration is involved, however, the SPF record needs to be edited to match the new server, or email will start bouncing back.

1. To edit SPF records in cPanel, click “Zone Editor” under “Domains” in cPanel Control Panel Home. (Refer example below)

2. Look for the TXT record and click “Edit” to change its value. (Refer example below) Change the IP address to your outgoing IP address, then click “Edit Record”.

Below is an example of an SPF record:

“v=spf1 ip4:x.x.x.x +a +mx -all”

Where x.x.x.x is your mail server’s outgoing IP address.

3. Kindly allow at least 24 hours for the record to propagate before verifying whether it propagated successfully.

4. To check, go to http://www.mxtoolbox.com/spf.aspx, then enter your domain name and click “SPF Record Lookup”. (Refer example below)

5. Below is an example of the SPF record that propagated for our domain.
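
An offline check for the edited record, useful after a migration to confirm the new outgoing IP passes before relying on it. This is an added example, not part of the original article: the function name `check_spf` and the sample addresses (documentation ranges) are constructed, and `a`, `mx` and other terms that need DNS are reported rather than resolved.

```python
import ipaddress

# Qualifier -> result, matching the table of "all" statements in this article.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, sender_ip):
    """Evaluate the ip4/ip6/all terms of an SPF TXT value for sender_ip.

    Returns (result, notes). Terms that need DNS (a, mx, include, ...) are not
    resolved; they are listed in notes, and a result reached after skipping
    them only holds if none of them would have matched.
    """
    terms = record.strip().strip('"“”').split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none", ["not an SPF record: must start with v=spf1"]
    ip = ipaddress.ip_address(sender_ip)
    notes = []
    for term in terms[1:]:
        # A missing qualifier means "+" (pass).
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, value = mech.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                notes.append(f"malformed address in: {term}")
                continue
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier], notes
        elif name == "all":
            return QUALIFIERS[qualifier], notes
        else:
            notes.append(f"not evaluated (needs DNS): {term}")
    return "neutral", notes  # nothing matched and there is no "all" term

if __name__ == "__main__":
    # Constructed migration scenario using documentation-range addresses.
    old_record = "v=spf1 ip4:192.0.2.10 +a +mx -all"      # still lists the old server
    new_record = "v=spf1 ip4:198.51.100.25 +a +mx -all"   # edited for the new server
    for rec in (old_record, new_record):
        print(rec, "->", check_spf(rec, "198.51.100.25"))
```

A “fail” that comes with “not evaluated” notes means the `a` or `mx` terms still have to be checked against DNS before concluding that mail from the new server would be rejected.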