Knowledge Essentials - 3Essentials Hosting

Adding an SPF record for your domain

Article ID: 521


SPF (Sender Policy Framework) is a method of verifying that an email message was sent through a mail server authorized for the sender's domain. As more and more companies add SPF information to their domain DNS records, this check will prevent spoofing at an increasing rate. To understand spoofing, please see this article: Spoofing, What is it and how can it affect me?

In short, an SPF record is a specific type of DNS record that identifies what servers are authorized to send mail for your domain.  A brief example:

  • domainA.com has an SPF record authorizing mail1.domainA.com to send mail, and no other servers.
  • 2 emails are sent:
    • EMAIL1: user1@domainA.com sends an email through his company's mail server, mail1.domainA.com, to recipient friend@domainZ.com.
    • EMAIL2: a spammer sends an email from his own mail server, spammer1.bad-server.com, and he SPOOFS the sender address as "user1@domainA.com" to recipient friend@domainZ.com.
  • Let's assume the service provider for domainZ.com does use SPF record checking... not all providers do, but many are adopting this.
  • When the mail server for friend@domainZ.com gets the mail, it will look up the SPF record for the sender's domain, domainA.com:
    • it will see EMAIL1 was from an authorized mail server, and accept it.
    • it will see EMAIL2 was NOT from an authorized mail server, and REJECT it (or it can weight it more heavily as "likely spam" in its spam scoring algorithms).

3Essentials does not include SPF records by default. SPF has the potential to cause a domain's email to be blocked if it is set up incorrectly or if other mail servers your domain uses are omitted. Because our customers have different needs, and some may need to send mail for their domain from email servers other than our own, we simply can't know what the correct SPF record is for a given customer... and we don't want to accidentally cause you to have mail blocked.

However, we DO strongly encourage customers to implement an SPF record for their domain... this will protect your domain from being spoofed, and help internet providers identify and fight spammers who utilize spoofing. Please contact us to help you define the proper SPF record for your domain hosted with us... we have a unique mail routing gateway system which will require certain entries in your SPF record. We are glad to help you define the proper SPF record, and implement it in your DNS for the domain... however, it is your and your organization's responsibility to understand the full ramifications of implementing an SPF record, including the controversy surrounding SPF vs Sender ID, information detailed at www.openspf.org/SPF_vs_Sender_ID.

We encourage you to thoroughly review all information provided at http://www.openspf.org/ before you move forward with implementing SPF.

When creating an SPF record and your mail services are hosted with 3Essentials, be sure to include the SPF record we've set up to specify our network ranges that would send mail for your domain hosted with us: spf.3essentials.com

This is done by specifying "include:spf.3essentials.com" in your SPF record, which causes the SPF record for domain "spf.3essentials.com" to be included within your SPF record. The SPF record for domain "spf.3essentials.com" includes all 3Essentials network ranges that might send mail. As new networks are added to our infrastructure, this record is updated, ensuring that you have to make no changes to your SPF record when we add new network ranges.

To implement an SPF record for your domain:

  • Determine what your SPF record should be (again, please contact our support department to assist you to ensure that our mail gateway infrastructure is properly listed in your SPF record). Please note these considerations when creating your SPF record:
    • Be sure to specify all mail servers that send mail for your domain. This may include an additional mail or web server at your corporate or remote offices, a mass email campaign service your company uses, or another hosting provider if your mail is not hosted with 3Essentials. See your respective service providers (e.g., if you use a mass email campaign service, contact them) regarding proper SPF entries to include their mail infrastructure.
    • Include the 3Essentials-provided SPF record that includes ALL of the 3Essentials networks that might be responsible for sending your mail:
      include:spf.3essentials.com
       
  • A sample record might look like: v=spf1 include:spf.3essentials.com a:office-server.customerdomain.com include:emailcampaignprovider.com ~all
    • include:spf.3essentials.com ensures that all 3Essentials network ranges and partner ranges are specified as authorized senders for your domain (detailed description above)
    • a:office-server.customerdomain.com might be specified to include a specific application server you have at your offices that sends out automated emails for your company.
    • include:emailcampaignprovider.com might be specified to include the SPF record for a mass email marketing provider you use to send monthly sales newsletters to your customers.
       
  • If your DNS is hosted...
    • Not with 3Essentials... check with your DNS hosting provider for details on adding a new DNS record to your DNS zone.
    • With 3Essentials, continue with the following:
        • log into your control panel
        • click your domain
        • click on the DNS icon
        • click on ADD new record
        • add a TXT record with the SPF details.
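
The check a receiving mail server performs (the EMAIL1/EMAIL2 scenario above), applied to the sample record, as an added example that is not 3Essentials' code: a minimal evaluator covering only the ip4, a, include and all mechanisms. The in-memory DNS tables, the documentation-range addresses, the contents of the spf.3essentials.com and emailcampaignprovider.com records, and the broken.example entry are all constructed for illustration.

```python
import ipaddress

# Constructed stand-in for DNS so the example runs offline. Addresses are
# documentation ranges (RFC 5737), not real 3Essentials or provider networks.
TXT = {
    "customerdomain.com": "v=spf1 include:spf.3essentials.com "
                          "a:office-server.customerdomain.com "
                          "include:emailcampaignprovider.com ~all",
    "spf.3essentials.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "emailcampaignprovider.com": "v=spf1 ip4:198.51.100.0/25 -all",
    "broken.example": "v=spf1 include:missing.example ~all",  # mistyped include
}
A = {"office-server.customerdomain.com": ["203.0.113.10"]}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, depth=0):
    """SPF result for mail from `ip` claiming `domain` (subset of RFC 7208)."""
    record = TXT.get(domain, "")
    if record.split()[:1] != ["v=spf1"]:
        return "none"                      # no SPF record published
    if depth > 10:
        return "permerror"                 # simple guard against include loops
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"                    # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = ip in A.get(arg or domain, [])
        elif name == "include":
            inner = check_host(ip, arg, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"         # broken include breaks the record
            matched = inner == "pass"      # only an inner pass counts as a match
        else:
            return "permerror"             # mechanism outside this subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                       # nothing matched and no "all" term

if __name__ == "__main__":
    for ip in ("192.0.2.25", "203.0.113.10", "198.51.100.7", "198.51.100.200"):
        print(ip, check_host(ip, "customerdomain.com"))
```

The unlisted sender gets softfail rather than fail because the sample record ends in ~all, and the mistyped include in broken.example yields permerror for every sender, which is the kind of setup mistake that can get legitimate mail blocked.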
