Hey there! I’m Jules from Techamat, and today I’m going to walk you through setting up Sender Policy Framework (SPF) for your domain. If you’ve ever had emails rejected by servers like Gmail, SPF might be the culprit—or rather, the lack of it. Let’s get your domain set up properly so your emails reach their destination.
What is SPF?
SPF is a system that lets you, as a domain owner, specify which mail servers are allowed to send emails from your domain. Basically, it tells the world, “Hey, only these servers can send emails from my domain—reject anything else.”
For example, if I own example.com and I have two servers sending emails—1.2.3.4
and 5.6.7.8—I can use SPF to ensure that only those servers are trusted. If someone tries
to send an email from @example.com using a different server, it’ll get rejected by servers
that check SPF.
SPF isn’t mandatory. You can send and receive emails without it because the SMTP protocol doesn’t require it. But here’s the catch: some email providers, like Gmail, might reject your emails if SPF isn’t set up correctly. So, while it’s optional in theory, it’s practically a must-have.
Why Should You Set Up SPF?
Setting up SPF helps protect your domain from being spoofed—meaning, it stops others from pretending to send emails as you. It also improves your email deliverability. Without SPF, your emails might end up in spam folders or get rejected entirely, especially by strict servers like Gmail. I’ve seen this happen too many times, and setting up SPF is a simple fix.
Step-by-Step Guide to Set Up SPF
Let’s get to the good stuff—here’s how I set up SPF for my own domains, and you can follow the same steps.
Step 1: Check if Your Domain Already Has an SPF Record
First, let’s see if your domain already has an SPF record. You’ll need to check your domain’s DNS records. I like doing this on a Linux machine, but you can use online tools too.
If you’re on Linux, open a terminal and run:
dig yourdomain.com TXTReplace yourdomain.com with your actual domain (e.g., example.com). Look for a
line in the output that looks like this:
yourdomain.com. 300 IN TXT "v=spf1 ip4:12.34.56.78 -all"Here’s what to check:
- The domain matches (
yourdomain.com). - The record type is
TXT. - The value starts with
v=spf1.
If you see a line like this, you already have an SPF record. If not, your domain doesn’t have SPF set up yet, and we’ll create one in the next step.
If you don’t have a Linux machine, you can use an online DNS lookup tool like MXToolbox. Just enter your domain
and look for a TXT record starting with v=spf1.
Step 2: Identify Your Mail Servers
Before creating or updating an SPF record, you need to know which servers send emails for your domain. These could be:
- Your own mail server (e.g., if you’re hosting email with a provider like Zoho or your own server).
- A third-party service like Google Workspace, SendGrid, or Mailchimp for marketing emails.
For example, if I’m using Google Workspace to send emails for example.com, I need to include
Google’s mail servers in my SPF record. If I’m also using SendGrid for marketing emails, I’ll need to
include their servers too.
Check with your email provider—they usually provide the SPF details you need. For instance:
- Google Workspace:
include:_spf.google.com - SendGrid:
include:sendgrid.net
If you’re using your own server, you’ll need its IP address (e.g., ip4:12.34.56.78).
Step 3: Create or Update Your SPF Record
Now that you know your mail servers, let’s create or update your SPF record. You’ll need access to your domain’s DNS settings—usually through your domain registrar (e.g., Namecheap, GoDaddy) or DNS provider (e.g., Cloudflare).
If You Don’t Have an SPF Record:
You’ll create a new TXT record. Here’s an example for example.com if I’m using Google
Workspace and my own server at 1.2.3.4:
example.com. 300 IN TXT "v=spf1 ip4:1.2.3.4 include:_spf.google.com -all"Here’s what this means:
v=spf1: This is an SPF record.ip4:1.2.3.4: My server at1.2.3.4is allowed to send emails.include:_spf.google.com: Google Workspace servers are also allowed.-all: Reject any other servers trying to send emails from my domain.
Log in to your DNS provider, go to the DNS management section, and add a new TXT record with:
- Name/Host: Your domain (e.g.,
example.comor just@depending on your provider). - Type: TXT
- Value: Your SPF record (e.g.,
"v=spf1 ip4:1.2.3.4 include:_spf.google.com -all"). - TTL: Set to 300 (or default).
If You Already Have an SPF Record:
If you found an existing SPF record (e.g., "v=spf1 ip4:12.34.56.78 -all"), you’ll need to
update it to include any additional mail servers. For example, if I want to add Google Workspace to an
existing record, I’d change it to:
example.com. 300 IN TXT "v=spf1 ip4:12.34.56.78 include:_spf.google.com -all"Edit the TXT record in your DNS settings to include the new include: directive. Be careful
not to create multiple SPF records—there should only be one TXT record starting with v=spf1
for your domain.
Step 4: Test Your SPF Record
After updating your DNS, it might take a few minutes to a few hours for the changes to propagate. Once it’s live, test your SPF record to make sure it’s working.
Run the dig command again:
dig yourdomain.com TXTOr use an online tool like MXToolbox SPF Checker. Enter your domain, and it’ll show your SPF record and any issues (e.g., too many lookups, syntax errors).
You can also send a test email to a service like mail-tester.com. It’ll give you a report on your email setup, including whether SPF passes.
Step 5: Monitor and Troubleshoot
Once SPF is set up, keep an eye on your email delivery. If emails are still bouncing, check the bounce message—it might not be SPF-related. It could be something else, like a DKIM or DMARC issue, or your server being on a blacklist.
If you’re having trouble, double-check your SPF syntax. Common mistakes include:
- Multiple SPF records (you should only have one).
- Missing
-allat the end (or using~allfor soft fail, which might not be strict enough). - Too many
include:directives (SPF has a limit of 10 DNS lookups).
If you’re stuck, feel free to reach out—I’m happy to help!
Final Thoughts
Setting up SPF is a small but powerful step to protect your domain and ensure your emails get delivered. It’s something I always recommend to anyone managing their own email setup. Once you’ve got SPF in place, you might also want to look into DKIM and DMARC to further secure your email—they work together to make your domain even more trustworthy.