How to generate an SPF (Sender Policy Framework) DNS record

 

The SPF record is an e-mail sender verification DNS record. It is a TXT record in which you define who is an authorized e-mail sender for a particular domain. Here is a valid SPF record for domain.com:

DNS zone for domain.com

Source:            TTL:       Type:  Value:

domain.com 14400 IN TXT  "v=spf1 mx a ptr ip4:10.10.10.10 a:xyz.com include:abc.com ~all"

 

* The SPF record type is TXT and the value needs to start with v=spf1.

* If you want to add the MX record of the domain as a valid sender, just add “mx” in the Value field.

* If the A record for the domain is also going to be a valid sender, just add “a”.

* To allow any hostname ending in domain.com to send e-mail for domain.com, add “ptr” in the Value field.

* To define another IP as a valid sender, type “ip4” for version 4 IPs followed by “:” and the actual IP, for example ip4:10.10.10.10

* If you want to add another server name as a valid sender, specify “a:” followed by the valid server name, for example a:xyz.com

* To add another domain as a valid sender (that domain's own SPF record is then consulted), type “include:” followed by the domain, for example include:abc.com

 

If you want e-mails to Soft Fail when an unauthorized sender is used, type “~all” at the end. To have a neutral SPF record, type “?all”, and for Hard Fail, “-all”. All directives in the Value field need to be separated by a space.

Here is an example:

 

hostway.com. 14395 IN TXT "v=spf1 mx include:mail.zendesk.com include:aspmx.pardot.com include:mktomail.com include:spf1.hostway.com include:spf.protection.outlook.com include:spf2.hostway.com -all"
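
The following Python check is an added example, not part of the original article: it parses the two records shown on this page into their directives, reports the policy set by the final “all”, and counts the mechanisms that cost the receiver a DNS lookup. The function names are hypothetical, and the RFC 7208 checks (the 10-lookup limit and the ptr warning) go beyond what the article covers.

```python
import ipaddress

# The two records shown on this page.
PAGE_EXAMPLE = "v=spf1 mx a ptr ip4:10.10.10.10 a:xyz.com include:abc.com ~all"
HOSTWAY_EXAMPLE = ("v=spf1 mx include:mail.zendesk.com include:aspmx.pardot.com "
                   "include:mktomail.com include:spf1.hostway.com "
                   "include:spf.protection.outlook.com include:spf2.hostway.com -all")
# Mechanisms that cost a DNS lookup; RFC 7208 allows at most 10 per evaluation.
LOOKUP_MECHANISMS = {"a", "mx", "ptr", "include", "exists"}
KNOWN_MECHANISMS = LOOKUP_MECHANISMS | {"ip4", "ip6", "all"}
ALL_POLICY = {"+": "pass", "-": "hard fail", "~": "soft fail", "?": "neutral"}

def parse_spf(value):
    """Split a TXT value into (qualifier, mechanism, argument) tuples."""
    terms = value.strip().strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("an SPF record must start with v=spf1")
    parsed = []
    for term in terms[1:]:
        qualifier, body = (term[0], term[1:]) if term[0] in ALL_POLICY else ("+", term)
        name, _, arg = body.partition(":")
        if "=" in name:
            continue  # modifier such as redirect= or exp=, not covered here
        name = name.split("/")[0].lower()  # drop a CIDR suffix such as a/24
        if name not in KNOWN_MECHANISMS:
            raise ValueError(f"unknown directive: {term}")
        if name in ("ip4", "ip6") and ipaddress.ip_network(arg, strict=False).version != int(name[2]):
            raise ValueError(f"address family mismatch: {term}")
        parsed.append((qualifier, name, arg))
    return parsed

def audit_spf(value):
    """Return the final policy, top-level lookup count (nested includes need DNS) and findings."""
    terms = parse_spf(value)
    names = [name for _, name, _ in terms]
    lookups = sum(name in LOOKUP_MECHANISMS for name in names)
    findings = []
    if lookups > 10:
        findings.append("more than 10 DNS-lookup mechanisms")
    if "ptr" in names:
        findings.append("ptr is discouraged by RFC 7208")
    policy = ALL_POLICY[terms[-1][0]] if names and names[-1] == "all" else None
    if policy is None:
        findings.append("record does not end with an all directive")
    elif policy == "pass":
        findings.append("+all authorizes every sender")
    return {"policy": policy, "lookups": lookups, "findings": findings}

if __name__ == "__main__":
    print(audit_spf(PAGE_EXAMPLE), audit_spf(HOSTWAY_EXAMPLE), sep="\n")
```

The lookup count covers only the record itself; each included domain's record adds its own lookups when a receiver evaluates it.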