Note: This guide contains best practices and suggestions. We aim to ensure this guide is as accurate as possible, however many scenarios are different and email is a critical business tool. Always check with an expert before modifying your DNS.

What Is DNS

The Internet is based on IP Addresses, eg 111.222.333.444
DNS ("Domain Name Service") tells computers how to find websites. For example, if you put www.domain.com into your web browser, DNS tells your computer what the true IP Address should be.


What Is SPF

SPF ("Sender Policy Framework") is a DNS validation tool primarily used to combat spam and phishing using forged email addresses.

Your domain name's SPF record will list the servers that are allowed to send emails as your domain name. When a server receives an email, it will check the your DNS SPF Record to ensure the server sending the email is allowed to.

An example SPF record: "v=spf1 mx include:spf.protection.outlook.com ip4:111.222.333.444 -all"  - in this example, only the servers listed under "spf.protection.outlook.com" and the server at IP Address 111.222.333.444 are allowed to send email.

 

What does an SPF bounce look like?

If an email is bounced due to SPF, two things will happen:

1) The sending email server will receive a bounceback/rejection notice. An example: 550 5.7.0 Message rejected per SPF policy

2) The receiving server will not receipt the email (or it may receive the email and file it into spam).

How do I fix an SPF error?

If you are sending emails that are being rejected due to SPF, it is because the IP Address/Server sending the email is not listed on your domain's SPF.

You will need to contact your domain administrator (this is most likely your ISP) and advise that you need your DNS SPF record updated to add in an extra entry.

If you are using TNZ's Email service, the SPF entry to add is: include:_spf.tnz.co.nz  - using the earlier example, the updated SPF record is: "v=spf1 mx include:spf.protection.outlook.com ip4:111.222.333.444 include:_spf.tnz.co.nz -all"

 

How do I check what my SPF record says?

Updates to your DNS and SPF Record can take a few hours to propagate globally.

A useful SPF checking tool is: MXToolbox

Another SPF checking method when using a Windows computer:
1) Open a Command Prompt (select Start | Run | type ‘cmd’)
2) Type ‘nslookup’ into the console screen and press enter
3) Type ‘set type=txt’ into the console screen and press enter
4) Type your domain name (eg ‘domain.com’) into the console screen and press enter