Understanding SPF Records
We recommend that all customers use a Sender Policy Framework (SPF) record for their domain(s). An SPF record is a type of Domain Name Service (DNS) record that identifies which mail servers are allowed to send email on behalf of your domain.
The purpose of an SPF record is to prevent spammers from sending messages pretending to be from your domain. Recipients can refer to the SPF record to determine whether a message purporting to be from your domain comes from an authorized mail server.
For example, suppose that your domain example.com uses Office 365. You create an SPF record that identifies the Office365 mail servers as the authorized mail servers for your domain. When a recipient's mail server receives a message from firstname.lastname@example.org, it can check the SPF record for example.com to determine whether it is a valid message. If the message comes from a server other than the Office 365 mail servers listed in the SPF record, the recipient's mail server can reject it as spam.
If your domain does not have an SPF record, some recipient domains may reject messages from your users because they cannot validate that the messages come from an authorized mail server.
Setting up SPF Records
You create SPF records using the administration tools available from your domain provider. Domain providers allow you to create SPF records using the DNS record type TXT. The basic steps below are applicable to all domain hosts that support TXT records. The exact steps for doing so are slightly different for each domain provider. Some domain providers have a specific option to add a record type of SPF, however, we recommend not using this, and instead choose the option to add as a TXT record. Google has an excellent reference for TXT records for specific domain providers. You may need to identify your domain host first.
You can create or modify SPF records using the administration tools provided by your domain host (not the Black Pearl Mail admin console). Creating an SPF record does not disrupt your current mail flow or affect other existing services. However, do not remove or change any of the other existing DNS records. Also note, there should only be 1 SPF record per domain. It's ok to have multiple TXT records, but only 1 that has a data value starting v=spf1...
To configure SPF records for a domain:
- Sign in to the domain host's administrative console for your domain.
- Locate the page on which you can update the domain DNS records.
The page is typically called something like Manage Domains, DNS Management, Name Server Management, or Advanced Settings.
- Locate the TXT records for your domain. You may have one or more TXT records resembling:
Name / Host / Alias Time to Live (TTL) Record Type Value / Answer / Destination Blank or @ 86400 TXT v=spf1 ip4:22.214.171.124 ~all
- Any DNS record change will apply only after the initial TTL of that record expires. For example, a value of 86400 seconds = 1440 minutes = 24 hours before any update will be applied. This also means that you need to wait 24 hours after the TTL of a DNS record is updated once you change it to 300 from 86400.
- Either update an existing TXT/SPF record to reuse it or create a new record. Multiple TXT records are supported, but you can have only 1 valid SPF record per name/host. You can see the recommended change to make on this page in the Black Pearl Mail app in the SPF record section.
- Save your changes and wait until they take effect. Be aware it may take up to 72 hours before changes are propagated, depending on the TTL that was configured for your TXT/SPF records.