In 2022, Arkansas, New Hampshire, Nevada, and California lost an average of $80,318.46, $47,477.38, $37,478.13, and $37,281.46 per capita, respectively, to phishing attacks. Cybercrimes like these can be prevented with SPF, DKIM, and DMARC.
SPF is a protocol that shields businesses against phishing attacks and boosts senders’ reputations by ensuring only authorized entities send emails from your domain or subdomain. To start with its implementation, you need to create an SPF TXT record and add it to DNS. This helps recipients’ servers locate the record and cross-check whether the sender’s email address belongs to the list.
5 Steps to Create an SPF Record for Email Authentication and Improved Deliverability
Step 1: Create a List of IP Addresses
To create an SPF record in DNS, start putting together an extensive list of IP addresses you allow to send emails from your domain or subdomain. Also, consider if any of the following is used to send emails on your company’s behalf-
- Web servers
- Email service provider’s mail server
- In-office mail servers
- The mail server of your end users’ mailbox providers
- Third-party mail servers allowed to send emails on behalf of your brand or business.
You can take the support of your ESP or IT system administrator if you don’t know how to retrieve IP address information.
Step 2: Make a List of Your Sending Domains
If your brand or company has more than one domain, you need to create SPF DNS records for all of them, including the ones you don’t use for mailing. This is because malicious actors often try spoofing non-email-sending domains or subdomains.
Step 3: Create an SPF Record for Your Domain
This is the most critical step in learning how to create SPF record. An SPF record includes instructions and details about a domain along with IP addresses permitted to send emails and how to handle requests from that domain.
A non-IT expert can take care of the first two steps of this guide on how to create an SPF record for my domain, but post that, you require technical expertise. So, this is what you or the technical expert needs to do-
Image sourced from www.servercake.com
- To create an SPF record, begin with v=spf1 followed by IP addresses authorized to send emails from your domain. Here’s an example- v=spf1 ip4:1.1.2.2 ip4:2.2.4.5
- Use the ‘include’ tag in your record to allow any third party to send emails on your behalf. This could be your outsourced marketing or PR team. Example- include:agency.com.
- Once you have added all the IP addresses, end your SPF record with the ~all or -all tags. An ~all tag represents a softfail, which means emails that fail SPF authentication checks will land in the recipient’s spam folder and not in the inbox. The -all tag indicates hardfail that gives an order to recipients’ email service providers (like Gmail and Yahoo) to reject the entry of emails failing authentication checks outrightly.
- Make sure there aren’t more than 255 characters in length, and you don’t include more than ten include statements.
- Your SPF record would look like this-
v=spf1 ip4:1.1.2.2 ip4:2.2.4.5
Include:agency.com -all
- For non-email-sending domains, the SPF TXT records will exclude any modifiers except for -all.
If you have followed all the bullet points carefully, then by now, your SPF record will be created.
Step 4: Publish Your SPF Record to DNS
Now that you know the answer to ‘how to create an SPF record for my domain’, you must know that in the next step, you or someone on your behalf has to connect with your DNS server administrator to publish the new record. Please remember that SPF records and MX records are two different things and shouldn’t be used interchangeably.
The process becomes easier if you use tools from hosting service providers like GoDaddy.
Step 5: Test Your Record
Lastly, test your SPF record to check if it’s working correctly. It’s a vital part of the pre-send optimization exercise and should be performed before sending out emails for a major marketing or PR campaign.
Use a credible SPF record checker to know your SPF record’s existing syntactical and configurational errors. An erroneous SPF record hampers bulk emails’ performances, blurring the effectiveness of email marketing and other important conversations.
Stay Ahead of Malicous Actors
The malicious cyberworld is becoming more sophisticated with its foolproof techniques, pushing companies to step-up their email security. To create an SPF record, follow a five-step process that begins with gathering all the IP addresses allowed sending emails from your domain, followed by learning SPF record syntax for generating a non-erroneus record.
If all this sounds too technical to you, then simply reach out to us. We’ll take care of your SPF journey, ensuring a boosted email deliverability rate and prevention against phishing attacks attempted in your business’ name.