What SPF records do I use?

The basic information needed for your domain's SPF record to permit its mail servers should be provided to you by your mail host. 

If you’re hosting your email with DreamHost, view the ‘DreamHost SPF records’ section below.

How to add an SPF record

SPF records are text records. View the 'How do I add an SPF record' article for instructions on how to add a text record to your domain.

DreamHost SPF records

If you’re hosting your email at DreamHost, no changes need to be made to your SPF records. DreamHost’s SPF records are generated automatically and should work without any issues or additional changes.

The IP addresses in DreamHost’s SPF records include those of the mail servers and the relay machines.

What if I’m sending email off the web server from a contact form?

It’s highly recommended that any email you send from your web server use SMTP. This ensures the email is sent from the mail server and uses the correct SPF records. View the following articles for further information:

Google SPF records

For Google hosted mail users, the following link provides details on what to put in your domain's SPF record to permit Google’s mail servers:

For other hosts, you must contact them for details on their SPF information.

Advanced SPF

An advanced SPF record includes more than just the default mail servers: it also has information on all other servers that send mail for the domain. The following is an example of an advanced SPF record:

v=spf1 ip4:321.321.321.321 include:_spf.google.com include:shaw.ca mx ~all

| Tag | Description |
| --- | --- |
| v=spf1 | Identifies this DNS record as an SPF version 1 record. |
| ip4:321.321.321.321 | IP address of a specific server, such as your web server for scripts that send mail directly from that server. You can get your web server IP from the ‘Manage Domains’ page. View the DNS article for details. |
| include:_spf.google.com | Includes all of the SPF records from Google, which, in this example, is where the domain's mail service is hosted. |
| include:shaw.ca | Includes all the SPF records for Shaw Cable in Canada, an ISP. In this example, mail from the domain is sometimes sent through the ISP's SMTP server. |
| mx | Includes all of the MX servers the domain uses, listed in the domain's MX DNS records. |
| -all | Says all other servers are not authorized, and only mail sent from the listed servers will 'pass'. (The example record above ends in ~all instead; the next section compares the options.) |

-all (dash) or ~all (tilde) or ?all

The symbol before "all" indicates how strictly the SPF record is enforced.

  • ?, question mark, makes the whole record inactive, as though the domain had no SPF record at all.
  • -, dash, makes the record strict, and any mail from servers not listed will be marked "fail" and may be marked as spam or rejected entirely.
  • ~, tilde, is between the other two options in strictness. Any mail from servers not listed will be marked "softfail". Although it is intended for testing, it is the recommended setting because it avoids delivery issues, as noted in this article.
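
An added example (not DreamHost's code) of how a receiving server evaluates a record like the advanced one above: mechanisms are tested left to right, and the qualifier on the first match gives the result. The domains, IP addresses and the FAKE_DNS table standing in for real DNS lookups are constructed for illustration.

```python
import ipaddress

# Constructed stand-in for DNS so the example runs offline (real checks query TXT and MX records).
# All domains and addresses are documentation values, not real provider data.
FAKE_DNS = {
    "spf": {
        "example.com": "v=spf1 ip4:192.0.2.10 include:_spf.mailhost.example mx ~all",
        "strict.example": "v=spf1 ip4:192.0.2.10 -all",
        "_spf.mailhost.example": "v=spf1 ip4:198.51.100.0/24 -all",
    },
    "mx": {"example.com": ["203.0.113.5"]},  # MX hosts already resolved to IPs
}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(sender_ip, domain, dns=FAKE_DNS, depth=0):
    """Evaluate sender_ip against the SPF record of domain.

    domain is the domain of the envelope sender (MAIL FROM), not the From: header.
    """
    record = dns["spf"].get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # simplified loop guard; RFC 7208 caps DNS-querying terms at 10 per check
        return "permerror"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"  # no symbol means "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":
            matched = sender_ip in dns["mx"].get(arg or domain, [])
        elif name == "include":
            # An include matches only when the included record itself yields "pass".
            matched = check_spf(sender_ip, arg, dns, depth + 1) == "pass"
        else:
            continue  # a, ptr, exists and modifiers are outside this sketch
        if matched:
            return RESULTS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.77", "203.0.113.5", "203.0.113.99"):
        print(ip, check_spf(ip, "example.com"), check_spf(ip, "strict.example"))
```

An unlisted server gets "softfail" under ~all and "fail" under -all; the latter is the case a receiving host may reject outright.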

The following table shows SPF information for various mail providers that are in popular use:

| Provider | SPF Information |
| --- | --- |
| Campaign Monitor | include:cmail1.com |
| Constant Contact | include:spf.constantcontact.com |
| Freshbooks | include:_spf.freshbooks.com |
| Google | include:_spf.google.com |
| Hostgator | include:websitewelcome.com |
| MailChimp | include:servers.mcsv.net |
| Microsoft/Hotmail | N/A (uses SenderID) |
| Shaw Communications Ltd. | include:shaw.ca |
| Telus | include:telus.net |

Testing your SPF record

There are a few ways to test your SPF record before and after creating it:

A note about the envelope sender

When SPF checks are handled by the recipient host, the validation is done on the envelope sender, and not on the actual header details. Information regarding the difference between the 'envelope' sender and the actual 'from' header details is outlined here:

Troubleshooting

You may see the following error after setting up your SPF record.

550 SPF:69.163.253.135 is not allowed to send mail from $domain.tld (in reply to RCPT TO command)

This usually means that your SPF record is not configured properly. You must specify a permitted sender as shown in the section above titled 'DreamHost SPF records'. Make sure to add the netblocks address as shown:

v=spf1 include:netblocks.dreamhost.com
