Create an SPF policy
Last updated on: 2021-06-15
Authored by: William Loy
This article explains how to create an SPF policy to protect your email traffic.
- Applies to: Administrator
- Difficulty: Easy
- Time needed: 15 minutes to create a record, 24-48 hours for the record to propagate
- Tools required: DNS host administrator access
You also need access to update DNS entries for your domain. If you do not know where your DNS lives, see Find your DNS host.
For more information on prerequisite terminology, see Cloud Office support terminology.
An SPF policy alone is not enough to protect the integrity of your domain email. To create a secure email verification policy, we recommend the following:
Create an SPF record
Log in to the Control Panel for your domain DNS host.
Create a TXT record with the following specifications:
Type Hostname Destination TTL TXT @ v=spf1 include:emailsrvr.com ~all 3600
Decide how you want to enforce SPF failures:
- ~all: results in a soft fail (Not authorized, but not explicitly unauthorized).
- -all: results in a hard fail (Unauthorized).
- ?all: neutral (As if there is no policy at all).
Enter your choice after v=spf1 include:emailsrvr.com and save your changes.
Adding the IP or server names after include: allows mail servers.
Type Hostname Destination TTL TXT @ v=spf1 include:emailsrvr.com include:othermailer.com ~all 3600
Save your changes.