Sender Policy Framework (SPF) records specify what mail servers are permitted to send email from your domain. In this way, they help prevent spammers from disguising themselves as you and can help to reduce spam/spoofing.
For more details regarding message spoofing, please refer to the following article:
How does SPF work?
Mail servers that receive an email for delivery can check SPF by comparing the sending server's IP address against the email's envelope sender's SPF DNS record. If the email was sent from a server that is not included in that SPF record, the email is more likely to be spoofed or untrustworthy. The receiving mail server may handle the email differently because of the SPF failure, such as marking the email as spam or rejecting the email.
DreamHost SPF records
If you are not using DreamHost nameservers, you must set up the SPF records with the current mail DNS provider instead.
Keep in mind that SPF treats subdomains (such as sub.example.com) separately, thus, you may wish to specify SPF records both for example.com and any hosts such as yourhost.example.com.
If your email is hosted at DreamHost and you have NOT added a custom SPF record
This section only applies if your email is hosted at DreamHost and you currently do not have a custom SPF record set up on your domain. You can check where your MX records are pointed on a site such as this:
If your email is hosted with DreamHost, the result should appear like this:
Non-filtered MX records:
Filtered MX records (MailChannels):
View the following article to verify that the output matches the DNS info you see in the panel:
DreamHost will then add the following SPF record automatically to your domain:
v=spf1 mx include:netblocks.dreamhost.com include:relay.mailchannels.net -all
If your email is hosted at DreamHost and you already added a custom SPF record
This section only applies if your email is hosted at DreamHost and you already have a custom SPF record set up on your domain. For example, you may already have a Google SPF record set up that looks like this:
v=spf1 include:_spf.google.com ~all
If you also need to add DreamHost's record of include:netblocks.dreamhost.com, you can add it like this:
v=spf1 include:_spf.google.com include:netblocks.dreamhost.com -all
View the 'Adding custom DNS records' article for instruction on how to edit an existing TXT record.
What happens if I add a new custom SPF record?
If you add a custom SPF record to your domain, the default DreamHost SPF record is automatically removed. If you need it back, you must manually add it as shown above.
What happens if I delete my custom SPF record?
If you delete your custom SPF record, the DreamHost SPF record is added automatically.
What if I’m sending email off the web server from a contact form?
It’s highly recommended that any email you send from your webserver use SMTP. This ensures the email is sent from the mail server and uses the correct SPF records. View the following articles for further information:
Testing your SPF record
There are a few ways to test your SPF record before and after creating it:
- SPF Record Testing Tools is a tester for verifying the syntax of a record before you add it, and a DNS lookup to check that the record has been published.
- Test the SPF record using Gmail or Yahoo by sending an email to either or both hosts from all of the sources from which you send email.
- Test by sending an email to an automated testing tool from all of the sources from which you send email.
A note about the envelope sender
When SPF checks are handled by the recipient host, the validation is done on the envelope sender, and not on the actual header details. Information regarding the difference between the 'envelope' sender and the actual 'from' header details is outlined here: