A Sender Policy Framework (SPF) record identifies which mail servers are allowed to send email on behalf of your domain. Having valid SPF records increases the chance emails you send will get to their intended recipients. The absence of SPF records increases the likelihood that email from a domain will be marked as spam.
SPF, outlined in RFC 4408
, allows a receiving Mail Transfer Agent (MTA) to query the DNS of a domain which appears in the sender field of an email. It determines if the source IP address of the message is authorized to send mail for the sender’s domain. If an SPF resource record exists and authorizes the source IP address, the mail can be accepted by the MTA. If the SPF resource record does not authorize the IP address, the mail can be bounced, indicating that it did not originate from an authorized source for the sender’s domain.
The MTA can also use SPF to verify the hostname the sending server uses to identify itself - the HELO greeting name.
Below is an example of an SPF record for domain.com with the corresponding sections color coded to explain what each means.
domain.com. IN SPF "v=spf1 mx -all"
Internet SPF resource record SPF version 1 mail exchange servers* exclude all other
*all A records of mail exchange servers are tested in order of MX priority. If the source IP is found among them, this mechanism matches.
You may see SPF records ending in a ~all. The ~all at the end is called a soft fail. It means that recipients may accept mail from another server, but it should be viewed with suspicion. If you change it to -all, you are directing the recipient to reject mail from any server other than those specified in the resource record.
Copy the record to your clipboard. If your site is in the shared hosting environment and you are using our name servers, log into Plesk and follow the instructions for your particular version of Plesk. If you are in the shared hosting environment but are using your registrar's DNS servers, you will need to log into your account at your registrar and add the SPF record there. If you are a dedicated server customer and are using your own custom name servers, follow the instructions for Plesk below, otherwise, log into your account with your registrar to make the necessary addition.
- Log into your Plesk Control Panel.
- Click Domains > [Domain]
- Expand Show More under the domain, if it is not already expanded.
- Click on DNS Settings
- Click Add Record.
- In Record type choose TXT.
- In the Enter record string field, click SPF record and paste everything after v=spf1 into the blank.
- Click OK.