This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

Back up to the Email Category

SPF Record

From AAISP Support Site
Jump to navigation Jump to search

Also see DKIM

SPF = Sender Policy Framework

From Wikipedia:

SPF allows the receiving mail server to check during mail delivery that a mail claiming to come from a specific domain is submitted by an IP address authorized by that domain's administrators. The list of authorized sending hosts and IP addresses for a domain is published in the DNS records for that domain.

Many of the large email providers (Gmail, Yahoo, Office 365) are getting picky about accepting email that has no 'validation' mechanisms. Even if your email is not spam or junk they may treat it as so and either reject the message or put it in the recipients junk folder.

However, customers can add a SPF record to their domain to help get their messages through. In short, an SPF record says which email servers are allowed to send messages from you.

Typically, our customers would use to send email - however thought must be given to other servers that may also send email from your domain - eg you may have a 3rd party web server or some other service that sends email on our behalf - these would want to be included too. In these cases, you'd add the IP addresses as: ip4:x.x.x.x and/or ip6:xxxx:xxxx:xxxx::xxxx

To cover the IP addresses of the A&A email servers, you can include, eg:

v=spf1 mx ~all

This says to accept email from the mx records (mx) and A&A's published list of IP addresses ( , everything else should be marked as possible junk (~all). This should be added as a domain level TXT record (Typically "@" through a control panel).

This is just a brief example of SPF, the record above will be useful to customers who only send email via There are lots of information and SPF 'generators' on the internet. The main thing to do is to test what you have added by looking at the headers of email that has been received by Gmail/O365 etc)

Example, Looking at Gmail headers

You can send an email to a gmail address, and then look at the received headers to see what Gmail think about the SPF records. (In gmail, open the email, click the 3 dots and select show original)

No spf:

ARC-Authentication-Results: i=1;;
      spf=neutral ( is neither permitted nor denied by best guess record for domain of

With spf

ARC-Authentication-Results: i=1;;
      spf=pass ( domain of designates as permitted sender)