Adopting SPF helps ensure mail delivery

Overview of SPF

The Sender Policy Framework (SPF) was established to help email systems verify the identity of a message sender. "Spoofing", in which an email sender impersonates a legitimate sender of messages, usually with malicious intent, has become a worldwide problem. We've all received scam emails that appear to come from our bank or from some other well-known sender but obviously don't. Spoofing an email "From" line is technically quite simple. SPF was developed to verify that the server sending a message is authorized to send mail for the address in the From line of that message. More and more email systems are adopting SPF, and we've repeatedly seen an increase in deliverability among our customers who have implemented it.

SPF can be easily implemented by publishing DNS records that contain a list of all of the "authorized" servers that can send mail on behalf of a specific domain name. An email system that has adopted SPF performs a DNS query to see whether the sending domain uses SPF. If so, it looks for the sending server in the list of authorized senders. If the sending server is there, the message passes the SPF check and is delivered. If the sending server is not there, the message fails the SPF check and may not be delivered.

SPF has not been implemented by every email system. However, Google, AOL, Yahoo, Hotmail, Earthlink, Symantec, and many others use SPF as part of their anti-spam filtering initiatives.

SPF and Deliverability

You should be aware that if you don't implement SPF, you will most certainly notice a decrease in deliverability as more and more Email Service Providers (ESPs) adopt SPF. If a receiving email server uses SPF and you haven't adopted SPF, your messages to that server will be flagged and your spam score will likely increase. Some services completely block incoming messages if no SPF record can be found.

If you adopt SPF, your deliverability rates should remain constant and may even increase, since your messages will have more authority and accountability. Once you create an SPF record and add Delivra's servers to your authorized sender list, messages from our system will be recognized as coming from an approved sender of email for your domain. Commercial anti-spam applications, like SpamAssassin, tend to give lower spam scores to messages when the sending server uses SPF.

If you adopt SPF and you send to an email server that has not adopted SPF yet, all your mail will be delivered as normal.

How SPF Works

SPF uses DNS records (which means NO additional software is needed to adopt SPF). You, as the domain owner, publish a DNS TXT record, written in a specific syntax, that lists all SMTP servers that are valid senders of email for your domain name. Then, when an email system that has implemented SPF receives a message, it checks the FROM line of the email message. It queries public DNS to find the appropriate TXT record and parses the SPF information in it. If the message was sent from an authorized SMTP server, the message is stamped with an SPF x-header that indicates the message "passed" the SPF check, and the message is delivered. If the message was sent from an SMTP server that is NOT authorized, the message is typically rejected. If the domain owner has not published an SPF record, the message is stamped with an SPF x-header that indicates it is "unknown" whether or not the message should be trusted.

Publishing Your Own SPF Record

First and foremost, you have to determine all the servers that send mail for your domain name. This is the most time-consuming part of creating an SPF record. The more precise your list of sending servers, the more authoritative your SPF record will be.

There are several sites on the Internet that have wizards to help you create an SPF record. One of our favorites is http://www.openspf.org/.

We've made adding our servers to your list as easy as possible. The SPF syntax allows you to "include" other lists, so you can just ensure that "include:ne16.com" (written with no space after the colon) is somewhere in your list of authorized senders, and all of the Delivra mail servers will be authorized to send on your behalf.

Sample SPF Record for yourdomain.com

"v=spf1 a mx include:ne16.com ~all"

Explanation

v=spf1
This declares that this entry is an SPF version 1 record.

a
This declares that any A records associated with yourdomain.com are valid sending servers.

mx
This declares that any servers that have valid MX records associated with yourdomain.com are valid sending servers.

include:ne16.com
This declares that all email servers listed in the ne16.com SPF record are valid (all of the Delivra mail servers).

~all
This declares that mail may legitimately originate from other mail servers not identified above. We highly discourage using the ~all identifier, as it isn't as authoritative as -all (which means that ONLY mail servers in this list are authorized). The ~all identifier will likely be deprecated at some point in the future, so avoid its long-term usage.
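
The check described under "How SPF Works", applied to the sample record above, as an added example that is not Delivra's code: a small Python evaluator covering only the a, mx, ip4, include and all mechanisms. The DNS table is constructed (documentation-range addresses, including a made-up ne16.com record), and the names check_spf and DNS are chosen for this example.

```python
import ipaddress

# Constructed DNS data for illustration only: the addresses come from the
# documentation ranges and are NOT the real records for these domains.
DNS = {
    "TXT": {
        "yourdomain.com": "v=spf1 a mx include:ne16.com ~all",
        "ne16.com": "v=spf1 ip4:198.51.100.0/24 -all",
    },
    "A": {"yourdomain.com": ["192.0.2.10"], "mail.yourdomain.com": ["192.0.2.25"]},
    "MX": {"yourdomain.com": ["mail.yourdomain.com"]},
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(ip, domain, dns=DNS, depth=0):
    """Evaluate sending address `ip` against the SPF record of `domain`."""
    terms = dns["TXT"].get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                       # no SPF record published
    if depth > 10:
        return "permerror"                  # guard against include loops
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:                  # mechanisms apply left to right
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "a":                   # A records of the domain
            matched = ip in dns["A"].get(arg or domain, [])
        elif mech == "mx":                  # A records of the domain's MX hosts
            hosts = dns["MX"].get(arg or domain, [])
            matched = any(ip in dns["A"].get(h, []) for h in hosts)
        elif mech == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "include":
            # include matches only when the included record yields "pass"
            matched = check_spf(ip, arg, dns, depth + 1) == "pass"
        else:
            return "permerror"              # term outside this example's subset
        if matched:
            return RESULTS[qualifier]       # first match decides the result
    return "neutral"                        # nothing matched and no "all" term


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.25", "198.51.100.7", "203.0.113.99"):
        print(ip, check_spf(ip, "yourdomain.com"))
```

The last address returns softfail under ~all; ending the record in -all instead turns that result into fail, which is the difference the ~all entry describes.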

Instructions for DNS Administrators

Microsoft

  1. Open the DNS MMC on your DNS server.
  2. Click on the appropriate Forward Lookup Zone for yourdomain.com.
  3. Click Action, Other New Records...
  4. Scroll down the list and select Text (TXT).
  5. Click Create Record...
  6. To create the record for the top level domain (yourdomain.com) leave the Record name blank.
  7. In the Text box, type "v=spf1 a mx include:ne16.com ~all" (you MUST include the quotation marks).
  8. Click OK.

Bind

  1. Edit the appropriate Zone file (yourdomain.com).
  2. Add the following line: yourdomain.com. IN TXT "v=spf1 a mx include:ne16.com ~all"
  3. Save the file.