In-Depth Review of Mailgun SPF Record and How To Use It

Dariia Leshchenko
Dec 02, 2021
Reading duration

If you were to ask an average person (not involved in the email marketing and delivery field)  what SPF is, – they’d likely say that it has to do with sunscreen. But Mailgun SPF has nothing to do with skin protection. Instead, an SPF record has everything to do with domain verification, domain safety, and sender ID security. Sound thrilling? Dive in to find out more on the subject!

Mailgun SPF record – general description

Sender Policy Framework (SPF) is a protocol responsible for mail authentication. The protocol grants domain admins the ability to determine the hosts who can send emails from a given domain through a specific SPF record. Both SPF and DKIM records protect the sender and the receiver from scamming and phishing attempts.

If the quantity of records leaves you a little confused, just remember that an SPF record is used to monitor all the sources that are able to send emails from a given domain. This way, no third-party, unverified IP addresses can access the domains in use. This rules out the possibility of identity theft and scamming attempts.

How does the Mailgun SPF record work?

Since both SPF and DKIM records are parts of DNS records, they are represented as two TXT records. Thus, there is nothing complicated about the way an SPF record acts. When you create and send your message, you are treated as the sending server, and the users who receive your emails are receiving servers. All this means is that the two outlined servers exchange data.

In the majority of cases, the recipient server seeks the server’s domain verification to ensure the source is authorized. Mailgun SPF protocol is the source of information that the receiving server looks for. As long as the SPF and DKIM records pass the authorization, the email delivery is successful. But if the server can’t authorize the sender, the mail won’t be allowed through.

What does a Mailgun SPF record look like?

You may already know that most DNS records look like TXT records; an SPF record is no exception. However, there are standard formulas that outline SPF and DKIM records so that the server knows how to translate them.


v=spf1 ip4= ip4= -all

  • V spf1 — This note is designed to verify that the message has an SPF record intact.
  • ip4= ip4= — These are the IP addresses that are authorized to operate on the domains’ behalf.
  • — This example lets the server know that third parties like Mailgun are allowed to send messages from the domain. While it is inadvisable to use multiple SPF records, various domains can be added to a single SPF record.
  • -all — The note verified that all the other addresses that are not on the list could be considered unverified and thus unauthorized.

Why do you need a Mailgun SPF?

Even after you fully understand how the SPF works, you may still be unsure whether you actually need it. That is why Folderly experts have compiled the following reasons to help push you in the right direction:

Attack prevention

Unauthorized mail puts both the senders and the recipients at risk of spam, phishing, and spoofing. Once you put DNS records to use, it is almost impossible for frauds to imitate your domain.

Enhanced email deliverability

Experienced vendors use Folderly for Mailgun to improve their deliverability rates. While the former does the technical scan and in-depth rate analysis, the latter activates SPF records that prevent email service providers from marking their emails as spam.

DMARC compliance 

DMARC is the system that ensures that emails are truly sent by validated users. The system’s policy points out what to do with the emails that fail the DKIM record check. In addition, Mailgun domain admins receive DMARC reports and can track the email activity to improve the rates according to their needs.

How do you set Mailgun SPF up?

Should you decide to create either of the SPF and DKIM, you should work on your Mailgun account first. Afterward, you can proceed with the SPF setup.

Domain verification process

  • You can confirm your domain with the help of a DNS TXT record. The record can be found at the DNS provider.
  • Open the Domains section from the Mailgun control panel and enter your domain data.
  • Go to the DNS provider and enter the first SPF TXT record you see. The other one is a DKIM variation; SPF starts with “v=”.
  • Add a CNAME record for the system to monitor the click rates and the open rates.
  • Don’t forget the Mailgun MX record. An MX record should not be used if you have it pointed at a different provider. In this case, skip the Mailgun MX record step.

Once the records are added, you can exit the Mailgun control panel. The DNS changes will become active within 48 hours.

Final words

There’s no way around it: Breached email security takes a negative toll on your business. However, all issues can be solved in a matter of minutes after you create a Mailgun account! The SPF protection offered by the system can only be polished with the SPF record generator service that Folderly offers! If you have any further questions about SPF or email deliverability, get in touch with our professionals today!

Dariia Leshchenko
Dariia Leshchenko
Customer Success Manager
Dariia's decades in Email Deliverability and Sales have allowed her to successfully manage diverse business clients. For years now, she proves that there are no issues not to be fixed. Dariia speaks for the synergy of new-level email analysis technology and a human approach to improving email performance.