A frequently used application of a TXT record in your DNS settings, is the so called 'SPF'-record. SPF stands for Sender Policy Frame and is used by for instance Google and Microsoft (Gmail / Hotmail / Outlook) to check if the sending mail server is allowed to send e-mails on behalf of a domain name.
If the sending mail server is not listed in the SPF record, all sent e-mail will generally be marked as spam.
Where do I add an SPF record?
You can add all your DNS records easily and free of charge via your control panel. Go to the 'Domain & Hosting' tab and click the domain in the left column for which you want to set the SPF record (do not check).
Now scroll to 'Advanced Domain Settings', followed by 'DNS'. If you do not see this yet, first click the switch behind 'TransIP settings' so the TransIP settings are switched off. This will show an overview of your DNS records.
How do I set an SPF record?
The value of the example below is as follows: v=spf1 include:_spf.transip.email ~all
Simply put, the value of this specific SPF record tells your domain that the mailservers linked to the record _spf.transip.email are autorised to send e-mails for your domain. The different components of the SPF record are explained under the screenshot.
You set an SPF record by starting with the name. Here you specify for which part of the domain the DNS record should work. You can set an SPF record for both your primary domain and a subdomain.
- If you want to set an SPF record for a primary domain, enter an @ as a name.
- If you want to set an SPF record for a subdomain, only enter the subdomain as the name (without putting the domain name after it). Our DNS software adds your domain name in the background. Below you can see an example of a correct SPF record for the subdomain admin.site-example.com.
The 'TTL' of a DNS record determines how long the record can remain in the cache. We recommend keeping the TTL low, for example at 1 or 5 minutes.
An SPF record is in essence a TXT record. So choose 'TXT' under 'Type'.
The value of the SPF-record consists of the following components:
- v=spf1: This means that SPF version 1 is used.
- include:_spf.transip.email: Everything that TransIP considers legitimate, is also legitimate for the (sub)domain name that makes use of this SPF record.
- ~all: This part shows that e-mails will be allowed wether they correspond with the variables in the record or not. The e-mails will get marked down though.
The SPF version (v=spf1) and the level of control (~all) are part of all SPF-records. However, you have a wide range of options for authorizing servers. Asides from the components above, you can for example use the SPF record to authorize specific IP-ranges, A-records or MX-records for sending e-mails for your domain. This can be done by using the components below.
In order to authorize an IPv4 address to send e-mails for your domain, add the following part to the SPF record:
For a specific IPv4 address: ip4:220.127.116.11 For an IPv4 range: ip4:18.104.22.168/16
The value of your SPF record could then look as follows: v=spf1 ip4:22.214.171.124 ~all
In order to authorize an IPv6 address to send e-mails for your domain, add the following part to the SPF record:
For a specific IPv6 address: ip6:2a01:7c8:3:1337::27 For an IPv6 range: ip6:2a01:7c8:3:1337::27/96
The value of your SPF record could then look as follows: v=spf1 ip6:2a01:7c8:3:1337::27 ~all
You can also specify all A-records of a domain at once in an SPF record:
For a specific domain: a:domain.com For a specific subdomain: a:mail.domain.com
The value of your SPF record could then look as follows: v=spf1 a:domein.nl ~all
All A records for respectively example.com and mail.domain.com are checked. If the IPv4 address of the sending server matches any one of the IPv4 addresses, the SPF check succeeds and the mail is sent without problems. If no domain is specified, the domain for which the SPF record is configured is used.
MX-records work much like using A records in an SPF record:
Voor een specifiek domein: mx mx:domain.com Voor een specifiek subdomein: mx mx:mail.domain.com
The value of your SPF record could then look as follows: v=spf1 mx mx:domein.nl ~all
By using this method, all A records for all MX records are checked for respectively domain.com and mail.domain.com, based on the order of the MX records. If the IPv4 address of the sending party matches any one of the IPv4 records that are checked in this manner, the SPF check succeeds and the mail server is authorized to send e-mails from domain.com of mail.domain.com. Als hier geen specifiek domein is opgegeven, wordt het huidige domein gebruikt waar het SPF record voor wordt ingesteld.
The components above may also be combined by adding all these individual components to your SPF records, for example: v=spf1 include:_spf.transip.email a:domein.nl ip4:126.96.36.199 ~all
An SPF record always starts its value with v=spf1 and is closed by -all, ~all of ?all.
For more information about the various components of SPF records and a tool to create your own SPF record, please visit this website.
This article has discussed the setting of an SPF record. For a general explanation about DNS records and entering them, see the article ‘What is DNS?'.
Should you have any questions left regarding this article, do not hesitate to contact our support department. You can reach them via the ‘Contact Us’ button at the bottom of this page.
If you want to discuss this article with other users, please leave a message under 'Comments'.