To publish an SPF record, you will need access to your domain’s DNS control panel. If you are using a hosting provider, this process is fairly straightforward – just check their technical documentation. If you are unsure how to do this, you can contact support team or your domain administrator for assistance.
To learn how SPF works and why it is such an important security feature, read the article “What is SPF and how to configure it for a domain?”
Start by gathering a list of all domains you own, as you need to update or prepare a new, separate SPF record for each domain. Make sure you also include inactive (aka parked) domains that do not send emails, to also protect them from abuse and potential phishing.
Identify all services which send messages on behalf of your domain(s), including external tools. This includes:
IMPORTANT: If the SPF record does not include all services or servers sending mails on behalf of your domain, receiving servers may direct messages into spam. Remember to update your record after any change in IP or sending tool.
The SPF is expressed as a single string of text, published as a DNS TXT. It consists a list of values (usually IP addresses and domain names) and tags, i.e. various mechanisms and modifiers.
Each domain must have only one SPF record.
Remember, your new SPF record may require up to 48 hours to take effect.
For example: v=spf1 ip4:192.0.2.0 ip6:2001:db8: :cd30
! The given value is an example and does not point to specifics of EmailLabs servers.
For example: v=spf1 ip4:192.0.2.0 ip6:2001:db8: :cd30 include:domainname.com
To authorize EmailLabs to send emails on behalf of your domain, add the following entry to your SPF TXT record:
Receiving server checks wheter an IP from which the message was sent is indicated in ip4/ip6 or whether it matches servers pointed by “include” mechanism.
Note: A single SPF record cannot have more than 255 character-string and should not contain more than 10 lookups to other domains or servers. Each parameter should be separated by a space.
// Instruction above presents only a basic overview of the mechanisms that an SPF record can be composed with. You may find records that also include ptr, exists or redirect mechanisms//
“All” mechanism (always matches) is placed at the end of the SPF record. It indicates what policy and how strictly it should be applied when the receiving server detects a sender that is not authorized in your SPF record.
The “all” mechanism can contain various qualifiers:
For example: v=spf1 ip4:192.0.2.0 ip6:2001:db8: :cd30 include:domainname.com ~all
Mechanisms listed after the “all” will be ignored, so remember to put it at the very end of the record.
In addition to SPF, we also recommend configuring DKIM and DMARC. The above authentication methods provide enhanced domain security and increase the likelihood of proper delivery of Emails to the recipient’s mailbox.
mBank was the first bank in our country to declare war on cybercriminals’ activities and implement sender authentication in the most popular mailboxes used by their customers. These solutions...
Sociotechnic, or in other words social engineering, is any action that influences another individual in order to persuade him to take certain actions, which may not be in his...
Promotional emails usually contain a significant amount of information – we are talking here not only about the content, but also graphics presenting the products covered by the promotion,...
Ignoring the mistakes made in previous years and failing to learn the right lessons are the main ‘sins’ of marketers preparing campaigns for Black Friday – a day considered...
We’re launching our CyberLabs series on the latest news from the cybersecurity world. Based on practical examples, our pentester will give tips on how to prepare for potential threats...
An ESP (Email Service Provider) is a software-based service for email distribution, often based on its servers, optimized for high (mass) traffic. Many of them enable integration with CRM...
Vercom, to which EmailLabs belongs, is a European company, fully compliant with the provisions of GDPR and based solely on its own servers located in CEE. We provide our...
Email security is an essential element that every company needs to ensure during the era of evolving cybercrime. Attacks by hackers on business entities very often target precisely email...