Introduction
In this article we will be explaining what an SPF record is, and we will also explain how to set it up. We will also be talking about the 10 lookup limit and explain what can be done to mitigate this.
What is SPF record?
SPF stands for Sender Policy Framework, SPF is a standard method for email verification, it protects your domain from spoofing and prevents your emails being marked as spam when received from other incoming servers. With SPF you allow the email servers to send emails on behalf of your domain. The emails you send to servers with SPF will check the incoming messages and see if they are linked and authorised by your domain. If you don’t use SPF when sending emails from your domain, you run a higher risk of the messages being marked as spam when the incoming server receives them.
Setting up SPF record
An SPF record is a line of plain text that consists of a list of tags and values. The tags are called mechanisms. The values are usually IP addresses and domain names.
To give you an idea of what the mechanisms are, there will be a list of the tags and values with an explanation of what they mean
- v: SPF version. This tag is required and must be the first tag in the record.
- ip4: Authorise mail servers by IPv4 address or address range. The value must be an IPv4 address or address range in standard format.
- ip6: Authorise mail servers by IPv6 address or address range. The value must be an IPv6 address or address range in standard format.
- a: Authorise email servers via domain name.
- mx: Authorise one or more mail servers using the domain’s MX record, if you do not use this mechanism in your SPF record, the default value is the MX records of the domain where the SPF record is used.
- include: Authorise third-party email senders by domain.
- all: Specifies that all incoming messages must match. We recommend that you always add this mechanism to the SPF record.
Here is an example of google’s SPF record: V=spf1 a mx ip4:69.64.153.131 include:_spf.google.com ~all
Adding an SPF record to your domain is done by adding it in a form of a TXT record.
SPF records are allowed up to 255 characters, and it cannot take up more than 512 bytes.
10 lookup limit explained
An SPF TXT record cannot contain more than 10 references to other domains or servers. These references are called lookups, if there are too many references and it goes above the 10 lookup limit this will result in your emails being marked as spam, the reason behind this is because it cant be verified with SPF.
There are common ways to make sure you don’t exceed the 10 lookup limit, here is what you can do:
- Remove unnecessary “Include” statements.
- Make use of the ipv4/ipv6 mechanisms
- Don’t use mechanisms that resolve to the same domain.
- Don’t use “ptr” mechanism.
- Remove invalid mechanisms.
- Use a flattened SPF record.
Conclusion
In this article we have explained what an SPF record is, how to set it up and also how to mitigate the 10 lookup limit.
Leave a Reply