SPF Record: Difference between revisions

Back up to the Email Category
From AAISP Support Site
mNo edit summary
mNo edit summary
Line 12: Line 12:


v=spf1 mx include:_spf_include.aa.net.uk ~all
v=spf1 mx include:_spf_include.aa.net.uk ~all

This says to accept email from the mx records (<code>mx</code>) and A&A's published list of IP addresses (<code>include:_spf_include.aa.net.uk</code>) , everything else should be marked as possible junk (<code>~al</code>).

Thi sis just a brief example, there are lots of information and spf 'generators' on the internet. The main thing to do is to test what you have added by looking at the headers of email that has been received by Gmail/O365 etc)


==Testing with Gmail==
==Testing with Gmail==

Revision as of 09:13, 20 June 2019


Many of the large email providers (Gmail, Yahoo, Office 365) are getting picky about accepting email that has no 'validation' mechanisms. Even if your email is not spam or junk they may treat it as so and either reject the message or put it in the recipients junk folder.

Whilst we don't provide DMARK or DKIM features on our email service customers are are welcome to use their own email servers and configure them as they wish.

However, customers may be able to add a SPF record to their domain to help get their messages through. In short, an SPF record says which email servers are allowed to send messages for you.

Typically, our customers would use smtp.aa.net.uk to send email - however thought must be given to other servers that may also send email from your domain - eg you may have a 3rd party web server or some other service that sends email on our behalf - these would want to be included too.

To cover the IP addresses of the A&A email servers, you can include _spf_include.aa.net.uk, eg:

v=spf1 mx include:_spf_include.aa.net.uk ~all

This says to accept email from the mx records (mx) and A&A's published list of IP addresses (include:_spf_include.aa.net.uk) , everything else should be marked as possible junk (~al).

Thi sis just a brief example, there are lots of information and spf 'generators' on the internet. The main thing to do is to test what you have added by looking at the headers of email that has been received by Gmail/O365 etc)

Testing with Gmail

You can send an email to a gmail address, and then look at the received headers to see what Gmail think about the SPF records. (In gmail, open the email, click the 3 dots and select show original)

No spf:

ARC-Authentication-Results: i=1; mx.google.com;
      spf=neutral (google.com: 81.187.30.51 is neither permitted nor denied by best guess record for domain of xx@xx.org.uk) smtp.mailfrom=xx@xx.org.uk

With spf

ARC-Authentication-Results: i=1; mx.google.com;
      spf=pass (google.com: domain of xx@xx.com designates 81.187.30.52 as permitted sender) smtp.mailfrom=xx@xx.com