What are SPF (Sender Policy Framework) Records?
Sender Policy Framework (SPF) Records are used for email validation to mitigate spam. SPF records allow domain administrators to define all hosts allowed to send mail for a domain by creating a specific TXT record that is then used by mail exchangers to validate a senders identity. The data of an SPF record must be enclosed in quotations.
The original specifications for SPF required storage of SPF information for domains within TXT type records. Later specifications created the SPF type record. Currently, there are no SPF implementations that will not use TXT type records if they are present, so SPF type records are not required. There are, however, many SPF implementations that will not use SPF type records, so TXT records remain required. It is a good idea to have identical SPF information within a domain under both a TXT type record and an SPF type record.
The SPF value is typically provided through the email service provider. If email services are provided to the organization through a third party, the correct SPF record to use in conjunction with those services is typically located in their associated documentation. If the organization uses all internal mail servers, assistance in generating an SPF record for a domain is available through a free online tool from Microsoft.
SPF Record Fields
|A) Name||This will be the host name for the record, typically a computer or server within your domain. It is important to note, the domain name is automatically appended to the “Name” field of the record. For example, defining mail.example.com in DNS would be creating an A record with the name field of “mail” within the example.com domain. If the “Name” field is left blank, it represent the root record of the domain. The root record for the base domain can also be referred to as the apex record and is represented in a @ symbol in some documentations.
Typically, SPF records would be defined with a blank name field.
|B) TTL||The TTL (Time to Live) in seconds is the length of time the record will cache in resolving name servers and web browsers. The longer the TTL, then remote systems will lookup the DNS record less frequently. Your nameservers will also receive less query traffic since most queries are answered by resolving name servers. Conversely, the shorter the TTL the faster any changes you make to your DNS will propagate in servers that have cached data. However, your domain will receive more query traffic.
Records that are static and don’t change often should have TTL’s set between 1800 (being on the low end) to 86400 seconds (30 minutes to 1 day cache).
Records configured with Failover or that change often should have TTL’s set anywhere from 180 to 600 (3 to 10 minutes cache).
If a change is needed for a record with a high TTL, then the TTL can be lowered prior to making the change and then raised back up again after the changes were made.
|C) Value||The SPF string for your domain enclosed in quotations.|
|D) Notes||Add a helpful note with keywords so you can search for your records later.|
|E) Save||Save your record changes and don’t forget to commit your changes after you’re done making record changes for this domain!|
Video Tutorial: How to Add, Edit, and Delete Records
ADD A SPF RECORD
4. Enter a name for the record and edit the default TTL if needed. Enter the Host Name of the target name server. Please note, in most cases the name field of the record is left blank for SPF records. Enter the value field of the SPF record. The notes section lets you add a helpful note about this record if you wish. Click Save and Close.
A) Name: Enter an identifiable name for the record.
B) TTL: Edit the TTL. Time to Live is measured in seconds and is the amount of time the record will cache in resolving name servers and web browsers.\
C) Value: The SPF string for your domain enclosed in quotations.
D) Notes: Add a helpful note with keywords so you can search for your records later.
E) Save and Close: Save your changes. Don’t forget to commit your changes.
Please note, the other Record Type options are covered in different tutorials. The Record Type will be left at Standard for this tutorial. Information on the NX Domain feature can be found in the Disabling a Record tutorial.
EDIT A SPF RECORD
3. Under the SPF Records section, select a record by clicking the check mark next to it, then click the icon to edit a record.
Please note, you can not edit a record that has not been committed following its creation.
DELETE A SPF RECORD
Please note, you can not delete a record that has not been committed following its creation.
4. The record will now show as strike through text, and is now in the queue of changes to be committed.