In this article you will learn:
- What is an SPF record and what it’s for
- How to set up a basic SPF record
- How to set up a detailed SPF record
- Common problems
- Frequently Asked Questions
Purpose of the SPF record
The SPF record protects e-mails from misuse of the domain name by SPAM mail.
A spammer can set the sender address in virtually any way they like. However, domains with an SPF record define exactly which servers are allowed to send mail with their address. E-mails from other servers are then evaluated by the recipient’s system as SPAM.
Many e-mail service providers automatically classify messages from domains without an SPF record as SPAM or reject them completely.
Basic SPF record
The basic SPF record only works for emails sent from our system. If you have set domain protection with WEDOS Global Protection, or if you also use another e-mail service provider, follow the chapter Detailed SPF record settings.
An SPF record is a DNS record of type TXT. If your domain uses WEDOS DNS servers, set it according to the DNS – Setting up domain records guide. Note that DNS changes will take effect within 1 hour.
The basic SPF record for WEDOS mailservers is:
Name TTL Type Data (prázdný) 300 TXT v=spf1 mx a include:_spf.we.wedos.net -all
This record works under the following conditions:
- You send emails from the website, for example via a form, only via our email services.
- You only send e-mails from the e-mail client via our e-mail services, or you have forwarding set on your mailbox (more information in the article E-mails – Mailbox control panel).
- The domain does not use AAAA records.
- You are not using WEDOS Global Protection.
If you use other web hosting or email services, or if you have AAAA records set for the domain, continue with the instructions in the chapter Detailed SPF record settings.
Detailed SPF record settings
There can be at most one valid TXT record for SPF in DNS. If you have more than one, none of them work.
If you need to specify multiple servers and/or rules, combine their SPF records into one. To do this, it is enough to write the individual rules between the opening text v=spf1 and the ending -all. Separate rules with spaces.
Example: Mail sent via both Google and WEDOS.
Rules for individual IP addresses
If you need to include a specific IP address in the record, insert it with the prefix ip4: or ip6:. Do not put a space between the prefix and the address itself.
If you have a domain in the WEDOS Global system, add the web hosting address to the basic IPv4 record, which you can find in the Service Addresses table in its detail.
v=spf1 mx a ip4:(replace bracket with webhosting IPv4) include:_spf.we.wedos.net -all
If you have an AAAA record set for the domain, but otherwise only use WEDOS web hosting and mail hosting, add the IPv6 address to the basic record.
v=spf1 mx a ip6:(replace bracket with webhosting IPv6) include:_spf.we.wedos.net -all
Example: Mail sent from WEDOS webhosting with IPv6 2a02:2b88:1:4::4.
Rules for other providers
If you send e-mails through providers other than WEDOS, find out the form of their SPF record from the documentation or other sources of this provider.
SPF doesn’t work for multiple providers
Problem: We entered the SPF records of all our email providers and they are not working.
Solution: You must have only one SPF record for a given (sub)domain. If you have more than one, none of them work. Merge them into one according to the instructions in the chapter Detailed SPF record settings.
SPF doesn’t work for WEDOS Global domain
Problem: After adding a domain to WEDOS Global SPF record stopped working.
Solution: Add the IP address of the web hosting to the record according to the instructions in the chapter Detailed SPF record settings You can find it in the Service Addresses table in the web hosting detail.
WEDOS returns e-mails with SPF error
Problem: WEDOS returns e-mails with the following error message:
Recipient address rejected: Please see http://www.openspf.net/Why?s=helo;id=sender-domain.tld;ip=XX.XX.XX.XX;r=wes1-mx
Solution: This is a problem with the sender’s SPF: either they have it set incorrectly or not at all. Until his domain administrator (DNS) fixes the problem, WEDOS mail servers will reject messages from him.
Question: Why don’t you set the SPF record automatically?
Answer: Although a basic SPF record is usually sufficient, we do not have enough information about your mail services to set it correctly in all circumstances. Since the incorrect setting of the SPF record can completely block the mail, we leave its setting up to you, because only you have complete information about the traffic of e-mails on your domain.
Question: How do I know that a missing SPF record is responsible for mail not being delivered?
Answer: Your e-mails end up in the recipient’s SPAM, or you receive an e-mail message about undeliverability mentioning rejection based on an incorrect or missing SPF record. If you send e-mails from the website via the mail() function, undeliverability can be either in the SPF record or in the missing or incorrect return path parameter.
Question: If I send emails from a subdomain, is it enough to have an SPF record on the main domain?
Answer: No, create SPF records for each subdomain you want to send emails from as well.
Question: What does the -all part of the record mean?
Answer: -all means that the server should discard all mails that do not match the rules. This is the strictest verification option.
Question: Google documentation says ~all, you have -all. It does not matter?
Answer: The stricter the authentication option (and -all is stricter than ~all), the less likely someone else will successfully impersonate you. The downside is that with the -all option, if you really do send an email from an unverified source for some reason, the recipient will discard it without further questions. With the ~all variant, there is still a chance that the message will get through.