An SPF Record Example To Help You Understand The Working Of Sender Policy Framework
SPF (Sender Policy Framework) is an open standard that organizations use to authorize specific servers to send emails on behalf of their domain. The list of allowed servers is published in the DNS of each domain. SPF record examples are useful for understanding SPF record syntax and the role an SPF record plays in email communication between networks.
Organizations can use SPF record generators to create TXT records containing authorized IP addresses. GoDaddy and Office 365 both have provisions for checking an SPF record after it has been created and deployed in text format.
Example Of SPF Record
SPF records are best understood through an example, such as the one given below.
TXT @ "v=spf1 a include:spf.google.com ~all"
The above record is published in DNS as a TXT record. Each element in the record is described below.
- TXT: Specifies that the SPF record is stored in the DNS in text format.
- @: Placeholder to represent the current domain.
- v=spf1: Represents that the text record in the DNS is an SPF record of version 1.
- a: Authorizes the hosts listed in the domain's A record to send emails on behalf of the organization.
- include: Authorizes a third party, Google in this case, to send emails on behalf of the domain.
- ~all: Soft fail for everything else. Emails from senders that match no earlier mechanism are still allowed to pass through, but are flagged as suspicious.
Components In An SPF Record
An SPF record consists of a version number followed by mechanisms, the qualifiers applied to them where required, and modifiers. Among these components, the mechanisms define the groups of hosts authorized to send emails. The list below contains the common ones used in a typical SPF record.
- all: Usually found at the end of each SPF record, and matches local and remote IPs
- ip4: Denotes that the SPF record carries an IPv4 address or a range of IPv4 addresses; if no prefix length is included, a mask of /32 is assumed
- ip6: Denotes that the SPF record carries an IPv6 address or a range of IPv6 addresses; if no prefix length is included, a mask of /128 is assumed
- a: Denotes all IPs in the domain's DNS A record
- mx: Specifies all A records for the individual MX records on the host's side
- ptr: Defines all ‘A records’ for individual “ptr” records on the host’s side
- exists: Denotes the systems authorized to send emails on behalf of the organization within the domain
- include: Represents the list of external domains allowed to send emails from the domain
This SPF record example, TXT @ "v=spf1 a include:spf.google.com ~all", contains “a” as an SPF record mechanism. Mechanisms are usually prefixed with a single qualifier. The four qualifiers are described below.
- +: Pass, which means the address passed the test, and therefore the message can be accepted.
- -: Hard fail, which means the address failed the test, and non-compliant emails will be bounced back.
- ~: Soft fail, which denotes that the address failed the test, but the result is not definitive; non-compliant emails will be allowed but tagged and separated.
- ?: Neutral, which means that the SPF record check neither passed nor failed, and the incoming emails may be accepted or rejected.
The “all” Mechanism In SPF Record
The “all” mechanism closes the parsing instructions and appears at the end of each SPF record. It acts as the fallback that applies when none of the previously parsed mechanisms match. The safest qualifier, “-all,” denotes that the email should be rejected if none of the earlier mechanisms are hit. Likewise, “?all” and “~all” can be used if emails need to be delivered with some additional information. However, the pass qualifier, “+all,” provides zero benefit to the SPF record and is not generally recommended.
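The qualifier and “all” rules above can be checked mechanically before a record is published. The following Python linter is an added example, not part of the original article: it splits a record into qualifier, mechanism and value, then flags common authoring mistakes. The function names and the sample records (example.net, 192.0.2.10) are constructed for illustration.

```python
import re

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
NEEDS_ARG = {"include", "exists", "ip4", "ip6"}

def parse_spf(record):
    """Return [(qualifier_result, mechanism, value)] for an SPF TXT value."""
    tokens = record.strip().strip('"').split()
    if not tokens or tokens[0].lower() != "v=spf1":
        raise ValueError("record does not start with v=spf1")
    terms = []
    for token in tokens[1:]:
        if re.match(r"[A-Za-z][\w.-]*=", token):  # name=value modifier, not a mechanism
            continue
        qual, name, rest = re.match(r"([+\-~?]?)([^:/]*)(.*)", token).groups()
        value = rest[1:] if rest.startswith(":") else rest
        # An omitted qualifier means "+" (pass).
        terms.append((QUALIFIERS[qual or "+"], name.lower(), value))
    return terms

def lint_spf(record):
    """Return a list of findings for common SPF authoring mistakes."""
    terms, findings = parse_spf(record), []
    for _, name, value in terms:
        if name not in MECHANISMS:
            findings.append(f"unknown mechanism '{name}'")
        elif name in NEEDS_ARG and not value:
            findings.append(f"'{name}' has no value (stray space after the colon?)")
    names = [name for _, name, _ in terms]
    if "all" in names:
        pos = names.index("all")
        if pos != len(names) - 1:
            findings.append("terms after 'all' are never evaluated")
        if terms[pos][0] == "pass":
            findings.append("'+all' authorizes every sender")
    elif "redirect=" not in record.lower():
        findings.append("no terminal 'all' mechanism")
    return findings

# Constructed sample records, not taken from any real domain.
SAMPLES = [
    "v=spf1 a include:spf.example.net ~all",
    "v=spf1 a include: spf.example.net ~all",
    "v=spf1 ipv4:192.0.2.10 +all",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", lint_spf(sample) or "ok")
```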
An SPF record example provides excellent insight into how each component, such as modifiers, mechanisms, and qualifiers, plays a specific role in an SPF record. The SPF (Sender Policy Framework) record authorizes a set of servers to send emails on behalf of the organization's domain. Publishing SPF records on the organization's DNS (Domain Name System) server enables SPF filtering for its domain and keeps malicious actors at bay to an extent.