It’s incredible how many domains, even those that belong to large enterprises, lack a proper SPF record that protects them from unauthorized access and cybercrime. Due to this, we cannot stress enough the importance of adding this TXT record to your DNS settings.
What is an SPF record
An SPF record is added to your DNS settings as a TXT file. This file contains a string of mechanisms and modifiers that reveal the following information:
- Services that are allowed to send emails on behalf of your domain.
- Instructions on processing emails that failed SPF authentication.
Having an SPF record allows you to be as specific in your guidelines for receiving domains as possible. For example, you can make a record saying that only servers featured in your A record and MX record are allowed to send emails, meaning that the incoming mail from other servers must be quarantined or deleted.
SPF record consists of multiple mechanisms and modifiers that instruct recipient servers on their actions and ways of proceeding with incoming mail in explicit detail.
Why is SPF record important?
All modern anti-spam systems analyze three elements of your email campaigns:
- Sender IP address. They check your IP reputation, make sure the IP address is correct, investigate your PTR records and A records.
- Domain records. They go through your SPF and DMARC records, study your DKIM signature and make sure you’re a credible and trustworthy sender.
- Email content. They scan your message, starting with its subject line and ending with the body text, looking for spam trigger words, faulty links, image/text ratio, and other attributes of spammy content.
A spammer can bypass IP checks and content checks by having a clean IP address (i.e., without a history of misbehavior and using black-hat techniques), using compelling content free of spam trigger words, and abusing an unprotected domain. This is why SPF records became a must-have for all senders that want to take part in outreach.
To illustrate our point further, let’s imagine that servers allowed to send email from your domain’s name are your agents. They carry a badge (IP address) and a recognizable uniform (content). Your agents pay visits to your prospects’ offices (mailboxes) to deliver your message and start a dialogue. However, you soon start receiving complaints about your representatives acting inappropriately or pestering people like cliché foot-in-door salesmen. Some of your agents are accused of planting suspicious devices in your prospects’ offices or even stealing classified business information.
Naturally, you’re shocked by these accusations, and you start investigating your team. As you look closer, you suddenly realize that you don’t recognize some of your agents. Of course, they dress like your agents, they act as your agents, but you don’t recall hiring them or letting them speak on your behalf. It means that several criminals use your identity to commit data theft and compromise your prospects’ safety.
What a mess! How do you fix it? How do you avoid it?
In this scenario, the SPF record serves as a special document that is available to your agents only. Once they pay a visit to your prospects’ office, they show their papers at the entrance and receive permission to proceed. Fake agents don’t have this document, so they are instantly identified as frauds and get the boot. Your reputation is clean, your teams are safe, and your prospects are confident about the people they meet. Everyone’s day is saved with just one string of text.
This is why services like Gmail and Mailchimp provide their users with an automatically generated SPF record — it has become a must-have in modern outreach.
How hard is it to generate an SPF record?
A classy way of adding an SPF record to your DNS records would be creating a TXT file, typing v=spf1, and adding a string of mechanisms you need (see the table above). For example, you want to show that Gmail services are allowed to send mail from your behalf, you want to send from a particular IP address in the ip4 range, and you need to authorize your current domain name for sending messages. So, your SPF record should look like this:
Then, you access your domain settings, publish your record and wait for the changes to settle in. On the one hand, you add all important components and adjust your record in a way you see fit. On the other hand, there is a high risk of typos and mistakes that would impact your relationship with receiving servers. You can use services like MX toolbox to check your SPF record and avoid any issues.
The much faster and safer alternative would be letting an SPF record-maker do all the heavy lifting for you. Modern record generators are designed to work with the information you provide. They process it and convert it into an SPF format swiftly, giving you a string of text ready for publishing.
For a quick demo, you can check our Folderly SPF maker — it’s available to all users and provides both standard and advanced settings to meet all your outreach needs.
How many SPF records do I need?
The more your outreach grows, the more tools and services you start using. At this point, you start asking yourself, “How do I edit my SPF record to fit all of that? Do I need another one?”
If you decide to make another record, you’ll make a mistake that will cost you a good sender reputation and freeze your outreach progress. So let’s go through several essential rules that are necessary to manage your SPF record.
- There can be only one. You can have only one SPF record per domain. If you add a new app or service to your outreach and ask for your SPF record, you don’t need to generate a new one. Just edit the one you currently have and add it. Having two or more SPF records will lead to you failing checks and hurting your Sender Score.
Subdomains aren’t included. Let’s say you run a business.com domain. And you made a support.business.com subdomain for dealing with customer feedback and providing support from your tech team. Within your network of domains, support.business.com is considered a separate unit. Therefore, the SPF record of your primary domain will have nothing to do with your subdomain. If no record is fone, the SPF check will deliver the none result. This is why you should create SPF records for all your subdomains — even if you don’t use them for sending emails. An SPF record that says, “This domain is not used for sending emails” looks the following way:
This measure will remove any loops that spammers can exploit to undermine your reputation and spread harmful content on your behalf.
Currently, SPF record is your protection against cybercriminals, spoofers, and data thieves. It’s your email-sending license that will put receiving servers at ease and help you build trusting relationships with spam filters and email service providers.
Naturally, you need some practice and learning before you get the hang of managing your DNS records and writing a proper SPF policy. But at Folderly, we’ll gladly guide you through every stage of your journey so that you can make the most of your outreach and build a solid reputation.
If you still have questions regarding outreach, dig into our blog and let us know if you want more insights on any particular subject. Also, if you’re eager to update your DNS records right here, right now, our Folderly record-maker is at your service.