Tutorial

How To Create a SPF Record For Your Domain with Google Apps

Published on July 13, 2013
author

Keshav Pareek

How To Create a SPF Record For Your Domain with Google Apps

About SPF Record

An SPF record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain. It is as easy to adding as MX or A records in your DNS zone.

Why It Is Important?

Today, nearly all abusive e-mail messages carry fake sender addresses. Spammers send email from their mail servers but with your ‘domain’ as the sending email. The victims whose addresses are being abused often suffer from the consequences, because their reputation gets diminished and they have to disclaim liability for the abuse or waste their time sorting out misdirected bounce messages.

The purpose of an SPF record is to prevent spammers from sending messages with forged ‘From Addresses’ at your domain. Recipients can refer to the SPF record to determine whether a message purporting to be from your domain comes from an authorized mail server.

Setting SPF Record

Before creating the SPF record for your domain, it is important to find out which server your domain is going to send emails. Perhaps you are planning to send email using Google Apps or from your own VPS. Consider all the mail server options available.

We will implement this with Google Apps for this tutorial. Here are the following instructions:

Login to your DigitalOcean account. Then open Networking and locate the DNS configuration. Open the desired domain configuration. Now, add a TXT type record.

DigitalOcean TXT Record

Write @ at the Enter Name and at the Enter Text, add the following:

"v=spf1 include:_spf.google.com ~all"

Let's explore this little more:

  • v=spf1 This sets the SPF version being used.
  • mx The "mx" mechanism allows the domain's MXers to send mail
  • include:_spf.google.com The "include" mechanism includes Google mail servers in our list of authorized sending servers
  • ~all If mail is received from a server not previously listed, mark it as a 'soft fail' - this allows the mail to be scrutinized further.

At this point, your DNS configuration should look like this:

DigitalOcean DNS Records

The "all" Mechanism

This mechanism always matches. It usually goes at the end of the SPF record.

Examples uses:

  • "-all" : This means that any server not previously listed is not authorized - no questions asked.
  • "+all" : The domain owner thinks that SPF is useless and/or doesn't care.

Create SPF Record for Your VPS

If you are using your own VPS to send email and not any other service like Google Apps, then you can create this as:

"v=spf1 mx -all"

This will allow domain's MXes to send mail for the domain while prohibiting all others. Alternatively, you can input:

"v=spf1 -all"

This command prevents all host from sending mail.

Thats all, You have done it.

To understand it deeply can explore OpenSPF.

Article Submitted by: Keshav Pareek

Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.

Learn more about our products

About the authors
Default avatar
Keshav Pareek

author

Still looking for an answer?

Ask a questionSearch for more help

Was this helpful?
 
10 Comments


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Be very careful with using “v=spf1 mx -all” over “v=spf1 mx ~all”. The big boys (Google, Microsoft, et al) use the tilde over the deny-all dash for a very good reason.

If you don’t want your mail randomly dropped, use “v=spf1 mx ~all” instead.

Kamal Nasser
DigitalOcean Employee
DigitalOcean Employee badge
July 27, 2013

@Ben: Yes. It has to be quoted otherwise it won’t work.

Edit: Quotes are no longer required for these records. If you are using quotes, make sure to use straight quotes (""), not curly ones (“”).

Just make sure you use straight quotes and not the curly ones that are in the post.

Should the value itself have quotes in it?

Can this article be updated to remove the smart quotes from

”v=spf1 include:_spf.google.com ~all”

and instead be:

"v=spf1 include:_spf.google.com ~all"

How long will it be valid nw… But I dnt it how it take it on it nah

FYI, they now appear to fully support not using quotes. This is going to be the safest route for most people since otherwise there is the risk of non-straight quotes being pasted in…often times quotes are automatically formatted in an email or website to use other varieties even if the author didn’t intend it.

Thanks. I was having issues with Gmail complaining that it couldn’t verify authenticity of sending domain. Setting the record to “v=spf1 mx -all” fixed this (after a few minutes delay).

“v=spf1 mx ~all” doesn’t work for me, my email still gets into the spam folder. What am I doing wrong? “v= +all” works

What if your website is sending mail from your server, ie, the article How To Install and Configure Postfix as a Send-Only SMTP Server on Ubuntu 14.04 But you are using myname@mydomain.com to reply and also send mail from google app?

Currently both sources are not spamming my email so do I even need to add a SPF record? If I am understanding correctly the SPF record is to prevent others from using myname@mydomain.com to spam people - correct?

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Join the Tech Talk
Success! Thank you! Please check your email for further details.

Please complete your information!

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.