Spammers almost always forge the sending email address on the spam that they send. As annoying as this is for the targets of the spammer, the actual owner of the spoofed email address can become overwhelmed with bounce back emails, and sometimes the recipient of venomous replies from the spammed.
One simple method that you can deploy to help protect your domain from spoofing and allow mail servers to verify that an email is actually generated by you, and invalidate an email falsely using your email address, is to add an SPF record to your account.
- What is an SPF record
- What does an SPF record contain?
- How do I add an SPF record in cPanel
- How do I add an SPF record using the Zone Editor
What is an SPF record
An SPF record, or sender policy framework, is a DNS record that mail servers can use to determine what mail servers are permitted to send mail for a domain. This record is added to your DNS zone file and can be found by any server doing a DNS lookup on your domain.
While the actual process is more complicated, simply put, when an mail server that has SPF checks enabled (most mail servers these days), the mail server will check to see if the sending domain has an SPF record. If there is no record present, it may flag the email as spam outright. If the record is present, it will use the record to determine if the server that sent the email is permitted to send email. Finally, it will check to see what the domain owner wants done with failed SPF checks. However, the receiving server would have the final say.
- Email received by Receiving Mail Server (RMS) from email@example.com
- RMS does a DNS lookup on example.com looking for an SPF record
- Once the SPF is received, RMS checks to see if the server that sent the email is permitted to send for example.com
- If the record confirms the sending server, the SPF check passes.
- If the record cannot confirm the sending server, the SPF check fails.
What does an SPF record contain?
An SPF record is a simple TXT record in your DNS zone file. It is structured in a what that allows mail servers to decypher what mail servers are permitted to send mail for the domain.
example.com. IN TXT "v=spf1 mx a ip4:192.168.0.10 include:mailfilter.com -all"
|SPF flag||MX record||A record||IP Address||Additional Domains||Mechanism|
- SPF Flag
- This lets mail servers know that this record is an SPF record and should be used for SPF checks
- MX record
- Authorizes the MX record servers to send email for this domain
- A record
- Authorizes the A record servers to send email for this domain
- IP address
- Allows other IP addresses to send for this domain
- Additional Domains
- Allow other domains to send for this domain, such as mail filters
- Guides the receiving server on what to do with non compliant emails
SPF records not only let mail servers know what servers are allowed to send mail, but what they should do with mail that fails the SPF check. This is determined by the Mechanism at the end of the record.
|-all||Fail||If mail is non compliant, it should be rejected|
|~all||Soft fail||If mail is non compliant, it should be accepted but flagged|
|?all||Passive||SPF is not enforced be domain owner|
Regardless of what is denoted in the SPF record, the decision ultimately comes down to the receiving mail server. If the SPF check fails, the receiving server may reject the email, even if the Mechanism is set to "?all".
How do I add an SPF record in cPanel
You can create and install an SPF record from your cPanel. If you do not know how to access your cPanel directly, you can find out here.
Once you are logged into your cPanel, find the Email section and click on Email Deliverability
You will now be looking at a list of all your domains. The system will preform a test on each domain to check for any potential issues, including checking for an SPF record. If no issues are found, the domain will show as Valid in the center column. If the check finds any errors, it will show what if found in the center column. This could be a missing or incorrect SPF, DKIM or even a DNS issue.
Depending on what error is found, you may be able to click the Repair button. This button will attempt to correct the issue automatically. Or, you can click the Manage button to repair the issues manually.
On this page, you will see the status of several of the tools that can be used to help with mail deliverability. These include SPF, DKIM and Reverse DNS (PTR). For this guide, we will focus on the SPF record.
This section will show if the domain has a valid SPF record on the upper right. Next is shows the information you would need to enter an spf record, if your not using our name servers. You can copy the Name and Value. cPanel will install the SPF record automatically if you are using our name servers. Otherwise, you will need to add it to your DNS Zone file manually.
There is also an option to Customize your SPF record if you have any other IPs or domains that you send email with, such as mail filters or bulk email services.
How do I add an SPF record using the Zone Editor
Adding an SPF record is as simple as adding any DNS record. You can check out this guide for accessing your cPanel zone file and adding DNS records:
If you are using our mail server, then we recommend the following record:
v=spf1 mx a [Server IP] include:relay.mailchannels.net -all
This record will allow the MX record IPs, the A record IP, the cPanel server IP, and our mail filter (mailchannels). If the email did not come from any of these IP addresses, then the receiving server should reject it.
If you use any other mail delivery services (marketing or newsletters services, for example) they will need to be added as well.
Still Having Issues?
If you are still having issues, you can contact our Customer Support in the following methods:
You can connect to our Live Chat Support Team from your MacHighway Client Area. If you are not sure how to do this, you can find a guide here.
Our Live Chat team is available Monday to Friday from 9:00 AM to 7:00 PM Eastern Time.
You can submit a support ticket to our Support Team from your client area.
Our ticket Support Team is available 24/7/365.
You can contact our Phone Support Team using the following number:
- US/Canada 1-888-974-0334
- International 1-727-800-3606
Our Phone Support team is available Monday to Friday from 9:00 AM to 7:00 PM Eastern Time.