What is an SPF Record

mailbox

So what is it and why would I use one?

SPF is short for sender policy framework. It is a small text file that tells ISPs who you are, and what domains you will send legitimate email from.

You publish this file on your DNS server and more and more frequently, an incomplete or inaccurate SPF Record will cause your emails to be blocked by the recipients Internet Service Provider (ISP).

Your SPF record should include information about your domain and the domains of any third-party e-mail service providers you use.

How does it work?

Anytime an e-mail is sent, the receiver’s mail server checks the domain name of the servers sending the message (hidden in the message headers). If it matches any of the domains listed in the sender’s SPF record, the mail is authenticated and delivered to the receiver. If there is no match with the published SPF record or the SPF record doesn’t exist, the mail fails authentication and is not delivered.

Why do I need to know this?

SPF records are increasingly being used as a filter for e-mail. That means that failing to put one on your domains (or that of your clients) can result in email being sent directly to the spam bin, bounced back or even deleted.

How does SPF work?

When an e-mail is sent out, the e-mail message has an envelope, a header, and the body (which contains the actual text of the e-mail and any attachments).

SPF – Sample Email

e-mail exchange

There are three identities on the envelope:

1. “HELO” identity, which names the mailserver (MTA) that is sending the message

2. “MAIL FROM” identity, which is the sending e-mail address (also the email address where error message will be sent if the mail delivery should fail).

3. “RCPT TO” identity, which is the message’s recipient address.

These identities are used during the transport of the message and are generally discarded upon delivery. That is why you only see the message header and message body when you receive an email.

SPF checks the HELO and MAIL FROM identities on the envelope.  It compares the sending mail server’s IP address to the list of IP addresses that are authorized to send email for that domain.  The list of authorized email-sending IP addresses is stored in the domain’s SPF record, which is included in the domain’s DNS records.

In other words, if the message comes from an unknown server, or a mailserver that is not listed in the SPF record, it can be considered as fake, and the receiving mail server will handle the “fake” according to its settings.

How does this affect me?

Say, someone is trying to send you an email and upon checking, our mailservers finds that the email comes from an unknown server, the email may be rejected.  This means that the e-mail will not be delivered into your inbox. Suspecting that there might be problems with the receiving-aspect of your e-mail account, you send us an “I am not receiving emails” report.

Just because an e-mail that was allegedly sent – is not received, this does not mean that your e-mail account is broken.  We need to understand that there are many reasons why an email delivery is unsuccessful.

1. The sending mailserver was experiencing problems and could not send out the email.

2. The email did not pass our spam and virus checks.

3. The email did not pass our SPF-checks.

Yes, our mailservers conduct SPF-checks for incoming emails.

How does this connect to online marketing?

Well the obvious connection is e-mail marketing.  If our client mailouts never make it past the spam bin we have already impacted our conversion rate but this has wider implications.  Not using an SPF record can hamper any e-mail communication including support/sales follow-ups and forum/blog thread updates or other user notifications.

There’s an additional benefit to publishing your SPF record.  You know all those bounces you receive from spam e-mail that appear to be from your domain but aren’t?  An ISP filtering with SPF technology won’t send them to you. It “knows” the message didn’t originate from your server.

We do as standard include our standard SPF record on your domain name for you which allows all e-mail sent via your organisation to go through with no errors.

In order to get an SPF record added to your domain name you will need to submit a request through our support contact section at the link below

http://www.lcn.com/contact_us

You can use the link below to create a SPF record for your domain name

http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

You can use the link below to check any SPF records on your domain name

http://www.kitterman.com/spf/validate.html

Or

http://www.mxtoolbox.com/spf.aspx

Posted on: 2nd December, 2009

Under: Customer support

By: Tony

2 Responses to “What is an SPF Record”

  1. Steve

    Steve Says:

    December 15th, 2009 at 5:16 pm

    The option to have the SPF enabled or not would be nice a addition to your web control panel, as it causes real headaches when trying to set up Leopard Mail Server

  2. Barry

    Barry Says:

    December 16th, 2009 at 9:24 am

    Thanks for the feedback Steve. We’ll be looking to improve the layout of the customer control panel in the new year so all of the feedback we receive is hugely appreciated. I’ll pass your suggestion onto our designers.

Leave a Reply

You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>