<spf> declare your smtp servers
SPF is the abbreviation of Sender Policy Framework, an email authentication standard,
that lets you declare which are the smtp servers authorized to send emails for your domain.
It allows you to confirm the sender’s address and its relationship with the server that sent out the message.
If emails are sent with your sender domain, the recipient can identify if it has been sent from one smtp server that you recognize.
It’s recommended to configure it, because some recipients may reject your messages if spf is not set at all.
how to make spf work
There are two different approaches:
- a “soft” one (~all tag), that generates a “softfail” error if the message has been sent by a non declared server
- a “hard” one (-all tag), that generates a “fail” error if the message has been sent by a non declared server
The “soft” setup will produce less/no rejection by the recipients.
The “hard” one will cause some messages to be rejected if the server has not been declared or in some cases when the email has been redirected or sent through a mailing list.
The “hard” setup provides the destination mail server with more faculty to decide whether to accept the message or not, this is the approach that we suggest.
how to configure spf
SPF setup requires to know exactly which servers you use to send out email messages.
With RealSender, the TXT record of your domain (example.com) should contain the string
a:example.realsender.com and look like this:
example.com TXT "v=spf1 a:example.realsender.com ~all"
With HighSender, the TXT record of your domain (example.com) should contain the string
include:spf.realsender.com and look like this:
example.com TXT "v=spf1 include:spf.realsender.com ~all"
These tools will help you validate the configuration:
retrieves SPF records for the specified domain name and determines if the record is valid
spf check online
validates your email SPF settings sending an email message
* = external website link, will open in a new page
Even if everything is set correctly, the message verification may fail
if the email has been redirected (forwarded) or sent through a mailing list.
In these cases, to keep the email authentication consistent,
configure the dkim signature domain to be aligned with the sender’s From address.
See: email authentication advanced >> <dkim> alignment for dmarc.
last updated on September 3, 2020