The SPF (Sender Policy Framework) system allows you to specify servers and IP addresses that are authorized to send mail from your domain(s). This feature works to prevent outgoing spam messages.
If a domain name is using our shared hosting platform and no external services then these instructions will help you create an SPF record. There are online tools which can do this automatically but it is much better to write one out manually to make sure it is correct. Any SPF record should begin with:
- v=spf1
The elements you would want to include are:
- "+a" ~ Your server will approve all of the hosts that you specify to send mail. You do not need to specify your primary mail exchanger or any other server for which you created an MX record, because your server automatically includes them.
- "+mx" ~ Your server will approve all of the MX entries for every domain that you specify to send mail.
- "+ip4:IPADDRESS" or "+ip6:IPADDRESS" ~ Your server will approve all of the IP Address blocks that you specify to send mail. You must specify IP Address blocks in CIDR format (for example, 192.168.0.1, 127.0.0.1/32, or 2001:db8:1a34:56cf::/64).
- "+include:DOMAIN" ~ The SPF settings for all hosts you specify in this list will be included with your SPF settings. This is useful if you will be sending mail though another service (e.g. G Suite, Office365, etc).
The record should end with either:
- "~all" ~ to cause any emails sent from other servers to result in a "soft fail". This means mail servers should accept the emails but mark them as suspicious. Actual implementation is variable so this can give unpredictable results.
- "-all" ~ to cause any emails sent from other servers to be rejected
So the record will look something like this:
- v=spf1 +a +mx +ip4:213.239.210.144 ~all
You can then add this record as a DNS via our Authentication Management screen. This will ensure our webmail client, the mailserver and web server currently assigned to this domain are authorised senders.
