To check if SPF has been configured correctly for a domain, use SPF record checker.
An SPF record is a TXT record that is part of a domain’s DNS (Domain Name Service). An SPF record lists all authorized IP addresses / hostnames that are permitted to send email on behalf of your domain. The Sender Policy Framework (SPF) is an email-authentication technique which is used to prevent spammers from sending messages on behalf of your domain.
1. Collect all the IP addresses that are used to send emails:
The SPF gives the ability to authenticate your email and to specify which IP addresses are allowed to send email on behalf of the specific domain.
2. Gather all the sending email servers:
It is important to create SPF records for all the domains you control, even the ones you’re not mailing from.
3. Create SPF record:
After defining your SPF record your record might look something like this:
For example : v=spf1 ip4:220.127.116.11 ip4:18.104.22.168 include:example.com -all
For domains that aren’t sending email, you can publish the following record.
DNS lookup for SPF record should not exceed 10 DNS lookup. If you have more than ten lookups in your record, a permanent error could be returned during the SPF authentication process. DMARC treats that as fail since it's a permanent error, and all SPF permanent errors are interpreted as fail by DMARC.
SPF was the first email authentication scheme to achieve widespread adoption, but it’s not the only one out there. SPF authentication is most effective when deployed in combination with other anti-fraud techniques such as DMARC.
Let’s first see what SPF does and what it does not:
SPF authenticates the sending server of the email based on the sending IPv4/IPv6 address.SPF focuses on a header that is not visible to the end-user (Return-Path, MAIL FROM, Envelope-From, Bounce address, HELO/EHLO).
Does not :
SPF does not require any alignment between the end-user's visible domain and the typically invisible Return-Path that it checks.SPF does not provide any reporting functionality for the receiver to send back to the sender with the results of the email authentication.SPF does not survive forwarding and indirect mail-flows.SPF does not tell the receiving server what it should do with an email that failed SPF. For example, senders can publish “-all” but this has never been honoured byreceivers, as SPF breaks easily, and this would cause legitimate emails to be rejected.