SPF overview

Overview

Sender Policy Framework (SPF) records specify what mail servers are permitted to send email from your domain. In this way, they help prevent spammers from disguising themselves as you and can help to reduce spam/spoofing.

For more details regarding the message spoofing, please refer to the following article:

How does SPF work?

Mail servers that receive an email for delivery can check SPF by comparing the sending server's IP address against the email's envelope sender's SPF DNS record. If the email was sent from a server that is not included in that SPF record, the email is more likely to be spoofed or untrustworthy. The receiving mail server may handle the email differently because of the SPF failure, such as marking the email as spam or rejecting the email.

DreamHost SPF records

If you are not using DreamHost nameservers, you must set up the SPF records with the current mail DNS provider instead.

Keep in mind that SPF treats subdomains (such as sub.example.com) separately, thus, you may wish to specify SPF records both for example.com and any hosts such as yourhost.example.com.

If your email is hosted at DreamHost and you have NOT added a custom SPF record

This section only applies if your email is hosted at DreamHost and you currently do not have a custom SPF record set up on your domain. You can check where your MX records are pointed on a site such as this:

If your email is hosted with DreamHost, the result should appear like this:

vade-in1.mail.dreamhost.com
vade-in2.mail.dreamhost.com

DreamHost will then add the following SPF record automatically to your domain:

v=spf1 mx include:netblocks.dreamhost.com include:spf1.mailchannels.net include:spf2.mailchannels.net -all

If your email is hosted at DreamHost and you already added a custom SPF record

This section only applies if your email is hosted at DreamHost and you already have a custom SPF record set up on your domain. For example, you may already have a Google SPF record set up that looks like this:

v=spf1 include:_spf.google.com ~all

If you also need to add DreamHost's record of include:netblocks.dreamhost.com, you can add it like this:

v=spf1 include:_spf.google.com include:netblocks.dreamhost.com include:spf1.mailchannels.net include:spf2.mailchannels.net -all

View the 'How do I add custom DNS' article for instruction on how to edit an existing TXT record.

What happens if I add a new custom SPF record?

If you add a custom SPF record to your domain, the default DreamHost SPF record is automatically removed. If you need it back, you must manually add it as shown above.

What happens if I delete my custom SPF record?

If you delete your custom SPF record, the DreamHost SPF record is added automatically.

What if I’m sending email off the web server from a contact form?

It’s highly recommended that any email you send from your webserver use SMTP. This ensures the email is sent from the mail server and uses the correct SPF records. View the following articles for further information:

Testing your SPF record

There are a few ways to test your SPF record before and after creating it:

A note about the envelope sender

When SPF checks are handled by the recipient host, the validation is done on the envelope sender, and not on the actual header details. Information regarding the difference between the 'envelope' sender and the actual 'from' header details is outlined here:

See also

Did this article answer your questions?

Article last updated PST.