AUDIENCE: Administrators, Marketing Users, IT Team
- Define Sender Policy Framework (SPF) and how it is used by mail servers
- Learn to set up and validate an SPF record
The Sender Policy Framework (SPF) protocol is defined in RFC 7208. SPF is one of many technologies deployed by the world's largest and most popular mail providers to help cut down on malicious and unwanted mail. SPF is implemented by adding an SPF record to DNS. The SPF record defines which systems are authorized to send mail on your behalf. Recipient mail servers check the SPF record and use it to determine whether the message was sent from an authorized server.
For example, if you send a message from a Gmail address the receiving mail server will inspect the message, see that it appears to be from Gmail, and then ask gmail.com if it has any SPF records. Gmail.com will respond with something similar to what you see below:
gmail.com. IN TXT "v=spf1 a mx include:google.com ip4:220.127.116.11.0/20 -all"
The receiving mail server will then compare the information in the message's header with the SPF record it has received directly from Gmail to see if the message originated from Gmail or not. If the message is not authorized by Gmail's SPF record it may be rejected or delivered to Spam.
Set Up SPF
Contact your IT team to complete this set up. If you have an existing SPF record, skip to Step 2.
1. Create an SPF record in your DNS that describes all authorized senders for your domain
- Add Act-On as an authorized sender by adding "include:_spf.act-on.net" to your record before "~all"
- Validate the updated SPF record at http://www.kitterman.com/spf/validate.html
Q: Why is my record failing validation for "lookups exceeded" or "too many lookups"?
A: SPF records may include a maximum of 10 lookups. Try changing "include:_spf.act-on.net" to "include:_netblocks.act-on.net" and validating your record again (allow 24 hours for changes to propogate). If your record still fails validation, call Act-On Technical Support 844-336-3191 or submit a support ticket.
Q: Can I use IPs instead of the method above to add Act-On to my SPF record?
A: We strongly discourage the use of the IP method in SPF as our IP ranges may change. If you choose to use explicit IP statements for Act-On's services, you will need to check the record at _spf.act-on.net regularly for new IPs to be added to your SPF record.
Q: I have multiple From Addresses. Does this affect SPF?
A: If you have 'From Addresses' that have varying domains, an SPF record will need to be created for each unique domain. Validate each unique SPF record using http://www.kitterman.com/spf/validate.html
Q: What if I am unable to implement SPF due to my DNS provider?
A: SPF is a contributing factor(along with virus/malware scanning, content scanning, and other systems) to your email's overall 'score' which impacts message delivery rates. Failing to implement SPF doesn't necessarily mean fewer messages will reach your recipients' inboxes, but it will lower your overall score.
More information about SPF can be found on http://www.openspf.org/