Article overview

Help article

Creating an SPF record for your domain

A frequently used application of a TXT record in your DNS settings, is the so called 'SPF'-record. SPF stands for Sender Policy Frame and is used by for instance Google and Microsoft (Gmail / Hotmail / Outlook) to check if the sending mail server is allowed to send e-mails on behalf of a domain name.

If the sending mail server is not listed in the SPF record, all sent e-mail will generally be marked as spam.


Where do I add an SPF record?

You can add all your DNS records easily and free of charge via your control panel. Go to the 'Domain & Hosting' tab and click the domain in the left column for which you want to set the SPF record (do not check).

Now scroll to 'Advanced Domain Settings', followed by 'DNS'. If you do not see this yet, first click the switch behind 'TransIP settings' so the TransIP settings are switched off. This will show an overview of your DNS records.

advanced domain settings


How do I set an SPF record?

The value of the example below is as follows: v=spf1 include:_spf.transip.email ~all

Simply put, the value of this specific SPF record tells your domain that the mailservers linked to the record _spf.transip.email are autorised to send e-mails for your domain. The different components of the SPF record are explained under the screenshot.

domain spf record


Name

You set an SPF record by starting with the name. Here you specify for which part of the domain the DNS record should work. You can set an SPF record for both your primary domain and a subdomain.

  • If you want to set an SPF record for a primary domain, enter an @ as a name.
  • If you want to set an SPF record for a subdomain, only enter the subdomain as the name (without putting the domain name after it). Our DNS software adds your domain name in the background. Below you can see an example of a correct SPF record for the subdomain admin.site-example.com.

TTL

The 'TTL' of a DNS record determines how long the record can remain in the cache. We recommend keeping the TTL low, for example at 1 or 5 minutes.


Type

An SPF record is in essence a TXT record. So choose 'TXT' under 'Type'.


Value

The value of the SPF-record consists of the following components:

  • v=spf1: This means that SPF version 1 is used.
  • include:_spf.transip.email: Everything that TransIP considers legitimate, is also legitimate for the (sub)domain name that makes use of this SPF record.
  • ~all: This part shows that e-mails will be allowed wether they correspond with the variables in the record or not. The e-mails will get marked down though.

The SPF version (v=spf1) and the level of control (~all) are part of all SPF-records. However, you have a wide range of options for authorizing servers. Asides from the components above, you can for example use the SPF record to authorize specific IP-ranges, A-records or MX-records for sending e-mails for your domain. This can be done by using the components below.


IPv4 adresses

In order to authorize an IPv4 address to send e-mails for your domain, add the following part to the SPF record:

For a specific IPv4 address: ip4:37.97.254.27 
For an IPv4 range: ip4:37.97.0.1/16

The value of your SPF record could then look as follows: v=spf1 ip4:37.97.254.27 ~all

spf record with ip4


IPv6 adresses

In order to authorize an IPv6 address to send e-mails for your domain, add the following part to the SPF record:

For a specific IPv6 address: ip6:2a01:7c8:3:1337::27 
For an IPv6 range: ip6:2a01:7c8:3:1337::27/96

The value of your SPF record could then look as follows: v=spf1 ip6:2a01:7c8:3:1337::27 ~all

spf record with ip6


A records

You can also specify all A-records of a domain at once in an SPF record:

For a specific domain: a:domain.com
For a specific subdomain: a:mail.domain.com

The value of your SPF record could then look as follows: v=spf1 a:domein.nl ~all

spf record with a:

All A records for respectively example.com and mail.domain.com are checked. If the IPv4 address of the sending server matches any one of the IPv4 addresses, the SPF check succeeds and the mail is sent without problems. If no domain is specified, the domain for which the SPF record is configured is used.


MX records

MX-records work much like using A records in an SPF record:

Voor een specifiek domein: mx mx:domain.com
Voor een specifiek subdomein: mx mx:mail.domain.com

The value of your SPF record could then look as follows: v=spf1 mx mx:domein.nl ~all

spf record with mx:

By using this method, all A records for all MX records are checked for respectively domain.com and mail.domain.com, based on the order of the MX records. If the IPv4 address of the sending party matches any one of the IPv4 records that are checked in this manner, the SPF check succeeds and the mail server is authorized to send e-mails from domain.com of mail.domain.com. Als hier geen specifiek domein is opgegeven, wordt het huidige domein gebruikt waar het SPF record voor wordt ingesteld.


Combining

The components above may also be combined by adding all these individual components to your SPF records, for example: v=spf1 include:_spf.transip.email a:domein.nl ip4:37.97.254.27 ~all

An SPF record always starts its value with v=spf1 and is closed by -all, ~all of ?all.

For more information about the various components of SPF records and a tool to create your own SPF record, please visit this website.


This article has discussed the setting of an SPF record. For a general explanation about DNS records and entering them, see the article ‘What is DNS?'.

If you want to know how to, amongst other things, set the SPF records of your web hosting subscription, use the article 'The DNS settings of my web hosting package'.

Should you have any questions left regarding this article, do not hesitate to contact our support department. You can reach them via the ‘Contact Us’ button at the bottom of this page.

If you want to discuss this article with other users, please leave a message under 'Comments'.

Do you have a good idea?

Give us your idea! If it's popular we'll add it to the wishlist!

Has this article been helpful?

Create an account or log in to leave a rating.

Comments

Create an account or log in to be able to leave a comment.

Are you stuck?

Ask one of our specialists to assist you

Contact us