This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!
Also see DKIM
SPF = Sender Policy Framework
SPF allows the receiving mail server to check during mail delivery that a mail claiming to come from a specific domain is submitted by an IP address authorized by that domain's administrators. The list of authorized sending hosts and IP addresses for a domain is published in the DNS records for that domain.
Many of the large email providers (Gmail, Yahoo, Office 365) are getting picky about accepting email that has no 'validation' mechanisms. Even if your email is not spam or junk they may treat it as so and either reject the message or put it in the recipients junk folder.
However, customers can add a SPF record to their domain to help get their messages through. In short, an SPF record says which email servers are allowed to send messages from you.
Typically, our customers would use
smtp.aa.net.uk to send email - however thought must be given to other servers that may also send email from your domain - eg you may have a 3rd party web server or some other service that sends email on our behalf - these would want to be included too. In these cases, you'd add the IP addresses as: ip4:x.x.x.x and/or ip6:xxxx:xxxx:xxxx::xxxx
To cover the IP addresses of the A&A email servers, you can include
v=spf1 mx include:_spf_include.aa.net.uk ~all
This says to accept email from the mx records (
mx) and A&A's published list of IP addresses (
include:_spf_include.aa.net.uk) , everything else should be marked as possible junk (
~all). This should be added as a domain level TXT record (Typically "@" through a control panel).
This is just a brief example of SPF, the record above will be useful to customers who only send email via
smtp.aa.net.uk. There are lots of information and SPF 'generators' on the internet. The main thing to do is to test what you have added by looking at the headers of email that has been received by Gmail/O365 etc)
Example, Looking at Gmail headers
You can send an email to a gmail address, and then look at the received headers to see what Gmail think about the SPF records. (In gmail, open the email, click the 3 dots and select show original)
ARC-Authentication-Results: i=1; mx.google.com; spf=neutral (google.com: 18.104.22.168 is neither permitted nor denied by best guess record for domain of firstname.lastname@example.org) email@example.com
ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of firstname.lastname@example.org designates 22.214.171.124 as permitted sender) email@example.com