
Creating an SPF Record

What is a DNS SPF record?

A sender policy framework (SPF) record is a type of DNS TXT record that lists all the servers authorized to send emails from a particular domain.

A DNS TXT (“text”) record lets a domain administrator enter arbitrary text into the Domain Name System (DNS). TXT records were initially created for the purpose of including important notices regarding the domain, but have since evolved to serve other purposes.

SPF records were originally created because the standard protocol used for email — the Simple Mail Transfer Protocol (SMTP) — does not inherently authenticate the “from” address in an email. This means that without SPF or other authentication records, an attacker can easily impersonate a sender and trick the recipient into taking action or sharing information they otherwise would not.

Think of SPF records like a guest list that is managed by a door attendant. If someone is not on the list, the door attendant will not let them in. Similarly, if an SPF record does not have a sender’s IP address or domain on its list, the receiving server (door attendant) will either not deliver those emails or mark them as spam.

SPF records are just one of many DNS-based mechanisms that can help email servers confirm whether an email comes from a trusted source. Domain-based Message Authentication, Reporting and Conformance (DMARC) and DomainKeys Identified Mail (DKIM) are two other mechanisms used for email authentication.

It is worth noting that, at one point, SPF records had a dedicated DNS record type. The dedicated record type has since been deprecated and only TXT records are to be used.

You may get an email bounce-back from Google (Gmail)

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

user_name@gmail.com
host gmail-smtp-in.l.google.com [ip_address]
SMTP error from remote mail server after end of data:
550-5.7.26 This message does not pass authentication checks (SPF and DKIM both
550-5.7.26 do not pass). SPF check for [source_domain] does not pass with ip:
550-5.7.26 [ip_address].To best protect our users from spam, the message
550-5.7.26 has been blocked. Please visit
550-5.7.26 https://support.google.com/mail/answer/81126#authentication for more
550 5.7.26 information. z8-20020a17090acb0800b002373125c085si9220002pjt.141 – gsmtp

To resolve this issue you will need an SPF record

v=spf1 +a +mx +ip4:mail_server_ip_address ~all
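How a receiving server reads the record above, as an added example (not code from this page or from any mail server): it checks the sending IP against each mechanism from left to right, and the qualifier on the first match gives the result, so an unlisted sender ends at ~all (softfail, usually treated as suspicious) where -all would give a hard fail. The domain example.com, the addresses and the SAMPLE_DNS table are constructed assumptions standing in for real DNS lookups, and only the a, mx, ip4 and all mechanisms are handled.

```python
import ipaddress

# Constructed DNS data standing in for live lookups (documentation-only addresses).
SAMPLE_DNS = {
    ("example.com", "A"): ["192.0.2.10"],
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): ["192.0.2.25"],
}
# The record from this page, with a constructed address in place of the placeholder.
RECORD = "v=spf1 +a +mx +ip4:198.51.100.7 ~all"
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism, value) terms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: it must start with v=spf1")
    parsed = []
    for term in terms[1:]:
        # A mechanism without a qualifier defaults to '+' (pass).
        qualifier, body = (term[0], term[1:]) if term[0] in RESULTS else ("+", term)
        name, _, value = body.partition(":")
        parsed.append((qualifier, name.lower(), value))
    return parsed


def check_spf(record, sender_ip, domain, dns=SAMPLE_DNS):
    """Evaluate terms left to right; the first mechanism that matches decides."""
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, name, value in parse_spf(record):
        target = value or domain  # 'a' and 'mx' default to the sending domain
        if name == "all":
            match = True
        elif name == "ip4":
            match = ip in ipaddress.ip_network(value, strict=False)
        elif name == "a":
            match = str(ip) in dns.get((target, "A"), [])
        elif name == "mx":
            hosts = dns.get((target, "MX"), [])
            match = any(str(ip) in dns.get((h, "A"), []) for h in hosts)
        else:
            raise ValueError(f"mechanism not handled in this example: {name}")
        if match:
            return RESULTS[qualifier]
    return "neutral"  # nothing matched and the record has no 'all' term
```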

To add a DNS record in cPanel

Log in to the cPanel portal.
Navigate to “Zone Editor.”
Click “Manage” to the far right of your domain.
Click the drop-down menu on the “+ ADD RECORD” button and select the desired record type.
Fill in the desired values for the new DNS record and click “Add Record.”

Note: To add an SPF record you will need to create a TXT record.