Chat +1-888-563-5277 [email protected]

SPF Record Lookup in 3 Steps

E-mail authentication became more and more important as e-mail phishing attacks grow and the average loss for mid size companies become bigger and bigger. EasyDMARC’s SPF record lookup tool shows that 68% of checked domains have issues with SPF record.

In general, e-mail authentication can be reached by SPF, DKIM, DMARC protocols. SPF, in particular, is the mechanism that prevents fraudsters and hackers from sending unauthorized e-mails on behalf of corporate domain.

From configuration’s standpoint SPF is a DNS TXT record. The SPF txt record defines authorized sources such as domains or IP addresses.

Setting up the SPF record

There are 3 easy steps to setup SPF record:

1. Create an SPF record that fits your needs
2. Publish the SPF TXT record into your DNS configuration
3. And finally, after DNS propagation run the SPF record lookup tool to be sure that SPF lookup has no failures.

How to create an SPF record

For example, if you use several services, e.g. Google apps, ZenDesk or an in-house e-mail server to send emails from your domain, then the SPF record will look like:

v=spf1 ip4:185.7.214.251/32 include:mail.zendesk.com include:_spf.google.com -all

Let’s go into details:

  • v=spf1 is the version of the protocol
  • ip4:185.7.214.251/32 is the IP address of your server
  • include:mail.zendesk.com include:_spf.google.com part defines the services that you use to send e-mails
  • and at last, -all is the published SPF policy.

To simplify SPF record creation you can use any free SPF record generator. EasyDMARC’s SPF Record generator is particularly made to make the process easy and fast.

SPF-record-generator

 

Limitations to SPF record

Multiple lookups

You can include several SPF records into each other but due to security reasons SPF  record can’t have more than 10 lockups. If you have more then 10 SPF lockups you need to fix it with SPF lookup tool or you can ask EasyDMARC support to help you, otherwise e-mail service providers will skip your SPF record.

Symbol limitations

SPF record also can’t contain more than 255 symbols. To solve this problem you have 2 options:

  1.  You can create several sub SPF records and include them in your main record:
    example: v=spf1 include:_spf1.exapmle.com include:_spf2.example.com -all
  2. You can concatenate multiple strings together without adding spaces.
    example: v=spf1 stringA stringB -all can be changed to v=spf1 AB string -all

Preventing Lookup Loops

This is quite an advanced configuration and requires experience to set this up smoothly in short time. If you have difficulties you can always reach EasyDMARC support.

Verifying SPF configuration

After DNS propagation you need to check the record with SPF lookup tool.

SPF-record-lookup

If you see green color without mentioned issues – then you did it!

Curious how to check SPF record ?

SPF Record Check

What’s Next?

Generally speaking after publishing good SPF record you have done the first step for your e-mail authentication process. After it you need to publish your DKIM and DMARC records.

Here are several articles that will help you to setup DKIM and DMARC records:

How to fix No DMARC record found

Stop worrying about email phishing

Deploy your DMARC record

Furthermore, we recommend to use monitoring and alerting for your SPF record. You should maintain it to have latest correct values and not be outdated. Remember that outdated SPF record may result in e-mail rejections.

As can be seen manual setup is quite tough and there are many places to [do wrong things]. That is why we created EasyDMARC. EasyDMARC guides you step by step to reach perfect e-mail authentication in short terms.

Protect your account with 2-Factor Authentication

Two-factor authentication (also known as 2FA) is a method of electronic authentication, which adds an extra layer of security to your account in case your password is stolen. After you set up authentication in EasyDMARC, you’ll sign in to your account in two steps using: Step...

Read More

How to Implement DMARC with EasyDMARC

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a policy that protects organizations from Business Email Compromise attacks and allows them to receive DMARC reports from mail service providers.  Also, DMARC is an email authentication protocol, that is designed to give email domain owners...

Read More

How does DMARC work: why you should use DMARC?

Protecting your email domain can do more than just prevent hackers from sending embarrassing emails on your behalf. It can also help you build a trusted relationship with business partners and employees by assuring their information is secure. Research shows that phishing attacks are...

Read More