
How can I create an SPF record for my domain?

  • Applies to: (ve), All DV, Domain Registrations, DV, DV Developer, Grid

  • Difficulty: Easy

  • Time needed: 10 minutes

  • Tools needed: AccountCenter access

 
  • Applies to: Premium WordPress
    • Difficulty: Easy
    • Time: 10
    • Tools needed: AccountCenter access

Overview

Sender Policy Framework (SPF) is a method of fighting spam. As more time passes, this protocol will be used as one of the standard methods of fighting spam on the Internet. An SPF record is a TXT record that is part of a domain's DNS zone file. The TXT record specifies a list of authorized host names/IP addresses that mail can originate from for a given domain name. Once this entry is placed within the DNS zone, no further configuration is necessary to take advantage of servers that incorporate SPF checking into their anti-spam systems. This SPF record is added the same way as a regular A, MX, or CNAME record.

The authoritative source for this information can be found here: http://www.openspf.net/SPF_Record_Syntax.

Requirements

Your domain must be using (mt) nameservers:

  • NS1.MEDIATEMPLE.NET
  • NS2.MEDIATEMPLE.NET

For information on how to confirm this for your domain, see this article: Performing a WHOIS search.

READ ME FIRST

This article is provided as a courtesy. Installing, configuring, and troubleshooting third-party applications is not supported by (mt) Media Temple. Please take a moment to review our Statement of Support.

Example record

As a courtesy, we've come up with a generic SPF record that should work quite effectively for you.

v=spf1 include:spf.mail01.mtsvc.net -all

Be sure to replace xxx.xxx.xxx.xxx in the record below with your server's IP address.

v=spf1 a mx ip4:xxx.xxx.xxx.xxx -all

NOTE:

If you send email through your mail servers at (mt) and also through another mail server (such as your ISP's mail server in the case of restricted port 25 access), you can add an "include:" mechanism in your SPF record to include the SPF records for the servers you use. For example:

v=spf1 include:spf.mail01.mtsvc.net include:adelphia.net -all

The above would work if your domain name is gs-example.com and you also send mail through adelphia.net's mail servers.


Before including your ISP in this manner, you must make sure that the domain you provide also has an SPF record set up. You can check this at http://dnsstuff.com/, http://www.kitterman.com/spf/validate.html or other third-party services by doing a DNS lookup for TXT. If you are using Google Apps for your domain, please see the following guide at http://www.google.com/support/a/bin/answer.py?answer=178723
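The check described above (every include: target must itself publish an SPF record) can be scripted. This is an added example, not Media Temple's code; it runs against a constructed TXT table instead of live DNS, and `SAMPLE_TXT`, `isp.example` and the record contents shown for each name are assumptions made for illustration.

```python
# Constructed sample data standing in for live DNS TXT lookups.
# The record contents for each name are invented for this example.
SAMPLE_TXT = {
    "gs-example.com": ["v=spf1 include:spf.mail01.mtsvc.net include:isp.example -all"],
    "spf.mail01.mtsvc.net": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "isp.example": ["site-verification=abc123"],  # has a TXT record, but no SPF
}


def spf_records(domain, txt=SAMPLE_TXT):
    """Return the TXT strings published for `domain` that are SPF records."""
    return [r for r in txt.get(domain.lower().rstrip("."), [])
            if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]


def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism, value) terms."""
    terms = []
    for token in record.split()[1:]:      # skip the v=spf1 version tag
        qualifier = "+"                    # no prefix means "pass"
        if token[0] in "+-~?":
            qualifier, token = token[0], token[1:]
        name, _, value = token.partition(":")
        terms.append((qualifier, name.lower(), value))
    return terms


def check_domain(domain, txt=SAMPLE_TXT):
    """Return a list of problems with the SPF setup for `domain`."""
    records = spf_records(domain, txt)
    if not records:
        return [f"{domain}: no SPF record in this zone"]
    if len(records) > 1:                   # receivers treat this as an error
        return [f"{domain}: {len(records)} SPF records published, expected 1"]
    terms = parse_spf(records[0])
    # An include: target without its own SPF record breaks evaluation.
    problems = [f"{domain}: include:{value} has no SPF record"
                for _, name, value in terms
                if name == "include" and not spf_records(value, txt)]
    if not terms or terms[-1][1] != "all":
        problems.append(f"{domain}: record does not end with an 'all' mechanism")
    return problems


if __name__ == "__main__":
    for name in ("gs-example.com", "my-temple-domain-2.com"):
        print(name, check_domain(name) or "OK")
```

To run it against real zones, replace the `SAMPLE_TXT` lookup with the output of a DNS TXT query for each name.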

Instructions

  1. Log into your AccountCenter.
  2. Select your domain name from the Domains tab.


  3. Scroll down the page and click the Edit DNS Zone File icon.


  4. Click + Add a record to create a new record. Set the type to TXT and enter your SPF record in the right column.


    v=spf1 include:spf.mail01.mtsvc.net -all

    Be sure to replace xxx.xxx.xxx.xxx in the record below with your server's IP address.

    v=spf1 a mx ip4:xxx.xxx.xxx.xxx -all
  5. Click Save to commit the changes.

You can also use this SPF wizard: http://spfwizard.com/.

Stop receiving spoofed emails and bouncebacks

Spamming with a fake reply-to address (yours) is called "spoofing." Since the email appears to be coming from your server, complaints and bouncebacks from the spam will often be redirected to your server, rather than the actual spammer. You may also receive some of the original spam - spam that appears to be coming from you!

Adding an SPF record to your zone file is the best way to stop spammers from using this technique with your domain. An SPF record will eliminate a high proportion of the bouncebacks you've been getting, because other mail providers will reject the email immediately without sending a bounceback to the (spoofed) reply-to address. While the SPF record is not 100% effective, because not all mail providers check for it, you should notice a drastic decrease in the number of bouncebacks you receive.

If you are also receiving the original spoofed emails (that look like spam coming from yourself) you can add the spammer to your block list. You will need to look at the header from one of the spam emails. Look for the very last line that starts with Received. You want to check for the IP address or domain that the message is coming from, not to or received by. Add this IP or domain to your block list in your spam filter.

If you look at your header and find out that the spam actually is coming from your own server, you should proceed to our Security Resources article, as this may indicate a compromise.

Alternate/Additional Domains

If you'd like to set up SPF records for an Alternate Domain, please make sure that you are adding the TXT record to the proper zone. The SPF record for my-temple-domain-2.com does not belong in example.com's DNS zone listing, but rather in the DNS zone of that same domain. This must be done for each domain you'd like to use SPF on as well. Simply setting it up for just the primary domain of your server will not have any impact on the SPF status of your other domain names on that same server.

 
