Note: This guide contains suggestions for best practices when configuring your DNS. While we aim to ensure this guide is as accurate as possible, many scenarios are different and email is a critical business tool. Always check with an expert before modifying your DNS.
What Is DNS (Domain Name Service)
The Internet is based on IP Addresses, eg 111.222.333.444
Domain Names are alphabetic, eg www.domain.com DNS is in place to help computers translate www.domain.com into a usable IP Address 111.222.333.444
What Is SPF (Sender Policy Framework)
SPF is in place as an email validation tool, primarily used to combat spam and phishing using forged email addresses.
On a domain’s DNS, the SPF can optionally be specified. If the SPF is specified, the receiving email server will check the sender’s SPF record to ensure the sending device is authorised to send email.
The SPF record looks like: "v=spf1 mx ip4:111.222.333.444 -all"
What does an SPF bounce look like?
If an email is bounced due to SPF, two things will happen:
1) The sending email server will include an error in the email log. For example: 550 5.7.0 Message rejected per SPF policy
2) The sender will receive a returned email that states that delivery failed due to an SPF policy issue (this text can vary depending on the email server)
How do I fix an SPF error?
If your email has been rejected due to SPF, it is because the IP Address/Server that you’re sending from is not listed on your domain’s SPF.
You will need to contact your domain administrator (this is most likely your ISP [Internet Service Provider]) and advise that you need your DNS SPF record updated to add in an extra IP Address. You can forward them the returned email for their own verification.
How do I check what my SPF record says?
The simplest way to check your domain’s SPF record is:
1) Open a Command Prompt (on a Windows computer, select Start | Run | type ‘cmd’)
2) Type ‘nslookup’ into the console screen and press enter
3) Type ‘set type=txt’ into the console screen and press enter
4) Type your domain name (eg ‘domain.com’) into the console screen and press enter