To reduce the likelihood that bulk emails are blocked as spam, it is desirable / advisable to specify an SPF (Sender Policy Framework). The purpose of this is to inform the recipient servers that these messages come from a permissible server.
SPF was initiated by Meng Weng Wong of pobox.com to enable the validation of legitimate sources of email for a domain and is now an IETF standard (RFC 4408).
You can check if you have an SPF record here
If you do not have an SPF you should consider whether to go for a ’softfail’ or a ’neutral’ termination code, detailed descriptions of the difference between these codes is mentioned later in the document. If you already have an SPF in place and in use, you can include the new rule set in the existing rule set.
If you have no existing SPF with a domain name customer.com and choose to go for a neutral exit code you must create a TXT record that looks like this:
customer.com IN TXT ”v=spf1 include:spf.infostorm.no ?all”
If you use a DNS control panel of some sort, you can specify the type as TXT and this string:
”v=spf1 include:spf.infostorm.no ?all”
Note that quotation marks are part of the text and should be included.
For a customer with an existing SPF with a domain name customer.com, an SPF looks like this:
customer.com IN TXT ”v=spf1 ip4:customers-ip-net/24 include:spf.infostorm.no ~all”
For assistance with the creation of this record the clients should contact their DNS provider, as this procedure will differ from provider to provider.
Explanation of the various exit codes:
“?all” – neutral – SPF queries that do not match any other mechanism will return “neutral”. Messages that are not sent from an approved server should still be accepted as if the SPF record did not exist
“~all” – softfail – SPF queries that do not match any other mechanism will return “softfail”. Messages that are not sent from an approved server should still be accepted but may be subject to greater scrutiny
“-all” – hardfail – SPF queries that do not match any other mechanism will return “hardfail”. Messages that are not sent from an approved server are rejected.
We do not recommend using hardfail unless you have complete control over the servers that send email on behalf of a domain.
