Record Formatting

Checks the SPF record to make sure it is formatted correctly and has no errors.

An SPF record is a DNS TXT record with a value that starts with "v=spf1". Your domain should only have one of these and it should be at the root level of your domain. In other words, the record name is blank. Following the starting characters, you can insert a series of space separated mechanisms. Here is an example:

v=spf1 a mx ip4:123.123.123.123 include:amazonses.com ~all Mechanisms:

a
The receiver will do a DNS query for the A record on your domain. If the email originated from this IP address, then it is valid. Include this in your SPF record if your webserver directly sends email.

mx
The receiver will do a DNS query for the MX record on your domain. If the email originated from this location, then it is valid. Include this if your MX server that you use for receiving email also sends email. You may not need this if you are using a 3rd party email provider.

ip4:<ip address>
The receiver will check that the email was sent from this IP address. Only use this if you send mail from a specific IP address that isn't included in another mechanism.

ip6:<ip6 address>
The receiver will check that the email was sent from this IP address. Only use this if you send mail from a specific IP address that isn't included in another mechanism.

include:<domain name>
The receiver will look up the SPF record for the domain listed here and add its mechanisms to your own. Lookup the documentation for the email provider that you are using for instructions on what to include here.

all
Matches any server. You can prefix this with - for "fail" or ~ for "softfail" to tell the receiver what to do with mail that didn't match anything else. It is recommended to use softfail until you are confident that you have allowed all of your valid senders, then switch to fail.

The SPF record is evaluated from left to right so try to put your most frequently used senders first. There is a limit of 10 DNS queries allowed, so try to keep it concise. Also, keep in mind that if you use a 3rd party service to send email, they may change their IP addresses without notifying you, so avoid hard coding their IP addresses in your SPF record. Use the include mechanism instead.

To learn more about SPF and other email authentication mechanisms, please read our article on Best Practices for Sending Email.