How to generate a SPF (sender policy framework) dns record
The spf record is an e-mail sender verification dns record. It is a txt record, in which you define who is an authorized e-mail sender for a particular domain. Here is a valid spf record for domain.com:
DNS zone for domain.com
Source: TTL: Type: Value:
domain.com 14400 IN TXT "v=spf1 mx a ptr ip4:10.10.10.10 a:xyz.com include:abc.com ~all"
* The spf record type is txt and it needs to start with v=spf1.
* If you want to add the mx record of the domain as a valid sender just add “mx” in the Value field.
* In case the A record for the domain is going to be also a valid sender please add just “a”.
* To allow any hostname ending in domain.com to send email for domain.com add “ptr” in the value field.
* To define another IP as a valid sender, please type “ip4” for version 4 Ips followed by “:” and the actual IP – ip4:10.10.10.10
* If you want to add another server name as a valid sender, please specify “a:” followed by the valid server name - a:xyz.com
* To add another domain as a valid sender type “include:” followed by the domain - include:abc.com
If you want e-mails to Soft Fail when not authorized sender is used type ~all at the end. To have a neutral spf recrd type ?all” and for Hard Fail “-all”. All directives in the value field need to be separated by space.
Here is an example:
hostway.com. 14395 IN TXT "v=spf1 mx include:mail.zendesk.com include:aspmx.pardot.com include:mktomail.com include:spf1.hostway.com include:spf.protection.outlook.com include:spf2.hostway.com -all"