Create an SPF record for a domain

SPF stands for Sender Policy Framework, and is a method by which the administrator of a domain explicitly specifies which mailservers are allowed to send mail for his domain. As this is just a TXT record that is put into the domains DNS zone file, the setup is fairly straightforward. A very basic SPF for mydomain.com might look like this:

mydomain.com IN TXT "v=spf1 a mx ~all"

The above specifes that this is an SPF record for mydomain.com:

v=spf1 – a required header that indicates this is an spf record
a – the A record for mydomain.com is allowed to send email
mx – the MX record for mydomain.com is allowed to send email

~all – all other mailservers trying to send mail will return a code of “softfail”. The mail will still go through, however it will be a suspect message

If you wished to allow another server to send mail through that had the hostname of mail2.mydomain.com, you would modify the record thusly:

mydomain.com IN TXT "v=spf1 a mx a:mail2.mydomain.com ~all"

Also, if you wish to give a hard fail, and only allow those servers to send mail, the record would look like:

mydomain.com IN TXT "v=spf1 a mx a:mail2.mydomain.com -all

If you enjoyed this article, then you’ll love Zalvis's Cloud Hosting platform. Turbocharge your website and get 24/7 support from our veteran team. Our world-class hosting infrastructure focuses on auto-scaling, performance, and security. Let us show you the Zalvis difference! Check out our services.