SIGN UP FREE

SPF Record Lookup in 3 Steps

E-mail authentication became more and more important as e-mail phishing attacks grow and the average loss for mid size companies become bigger and bigger. EasyDMARC’s SPF record lookup tool shows that 68% of checked domains have issues with SPF record.

In general, e-mail authentication can be reached by SPF, DKIM, DMARC protocols. SPF, in particular, is the mechanism that prevents fraudsters and hackers from sending unauthorized e-mails on behalf of corporate domain.

From configuration’s standpoint SPF is a DNS TXT record. The SPF txt record defines authorized sources such as domains or IP addresses.

Setting up the SPF record

There are 3 easy steps to setup SPF record:

1. Create an SPF record that fits your needs
2. Publish the SPF TXT record into your DNS configuration
3. And finally, after DNS propagation run the SPF record lookup tool to be sure that SPF lookup has no failures.

How to create an SPF record

For example, if you use several services, e.g. Google apps, ZenDesk or an in-house e-mail server to send emails from your domain, then the SPF record will look like:

v=spf1 ip4:185.7.214.251/32 include:mail.zendesk.com include:_spf.google.com -all

Let’s go into details:

  • v=spf1 is the version of the protocol
  • ip4:185.7.214.251/32 is the IP address of your server
  • include:mail.zendesk.com include:_spf.google.com part defines the services that you use to send e-mails
  • and at last, -all is the published SPF policy.

To simplify SPF record creation you can use any free SPF record generator. EasyDMARC’s SPF Record generator is particularly made to make the process easy and fast.

SPF record generator by EasyDMARC
SPF record generator by EasyDMARC

Limitations to SPF record

Multiple lookups

You can include several SPF records into each other but due to security reasons SPF  record can’t have more than 10 lockups. If you have more then 10 SPF lockups you need to fix it with SPF lookup tool or you can ask EasyDMARC support to help you, otherwise e-mail service providers will skip your SPF record.

Symbol limitations

SPF record also can’t contain more than 255 symbols. To solve this problem you have 2 options:

  1.  You can create several sub SPF records and include them in your main record:
    example: v=spf1 include:_spf1.exapmle.com include:_spf2.example.com -all
  2. You can concatenate multiple strings together without adding spaces.
    example: v=spf1 stringA stringB -all can be changed to v=spf1 AB string -all

Preventing Lookup Loops

This is quite an advanced configuration and requires experience to set this up smoothly in short time. If you have difficulties you can always reach EasyDMARC support.

TECHNICAL HELP

Verifying SPF configuration

After DNS propagation you need to check the record with SPF lookup tool.

SPF record lookup tool by EasyDMARC
SPF record lookup tool by EasyDMARC

If you see green color without mentioned issues – then you did it!

What’s Next?

Generally speaking after publishing good SPF record you have done the first step for your e-mail authentication process. After it you need to publish your DKIM and DMARC records.

Here are several articles that will help you to setup DKIM and DMARC records:

How to fix No DMARC record found

Stop worrying about email phishing

Deploy your DMARC record

Furthermore, we recommend to use monitoring and alerting for your SPF record. You should maintain it to have latest correct values and not be outdated. Remember that outdated SPF record may result in e-mail rejections.

As can be seen manual setup is quite tough and there are many places to [do wrong things]. That is why we created EasyDMARC. EasyDMARC guides you step by step to reach perfect e-mail authentication in short terms.

Check other posts below

How To Add DMARC Record To GoDaddy in 3 easy steps

E-mail authentication plays an important role to allow e-mail receiver identify the sender. Obviously, DMARC is one of the best industry solutions to prevent your business domain from phishing and email fraud. In this post we will show you how to create GoDaddy DNS DMARC...

Read More

How to Add DMARC Record to Azure DNS

DMARC is an email authentication standard, policy, and reporting protocol. In EasyDMARC the DMARC record is mandatory to start receiving aggregated reports for your domain. Before moving forward we recommend to start by checking your domain for the DMARC record. This guide will show how to...

Read More

How to fix "No DMARC record found"

When you see "No DMARC record" or "DMARC record not found" or "DMARC record is missing" that's means your domain misses the most effective and powerful email authentication mechanism such as DMARC. To block fake emails send from that domain. That kind of attacks are...

Read More