chua3w
Last Updated: February 25, 2016
·
1.311K
· yourivdlans

SPF record

Recently I found out that emails being sent from our server were getting a softfail on the SPF record. This meant our server wasn't actually allowed to send emails from @example.com. Some servers would mark these mails as spam.

After digging and pulling a few hairs I found out gmail was using our ipv6 address to validate the SPF record, so our original record didn't suffice.

A simple SPF record could look like this:

v=spf1 a mx -all

Which will validate all the "a" and "mx" records for the domain and disallow all others.

When using google apps the suggested record would be:

v=spf1 a mx include:_spf.google.com -all

And in our case we would use something like the following:

v=spf1 a mx ip4:xxx.xxx.xxx.xxx ip6:0000:0000:0000:0000:0000:0000:0000 -all

See the syntax for all possible modifiers and options.
http://www.openspf.org/SPF_Record_Syntax

Also, a few testing tools could come in handy.
http://www.kitterman.com/spf/validate.html
http://mxtoolbox.com/spf.aspx

Lastly, you could use gmail to see if it passes the SPF check. Just open the original for an email and look for a line which begins with "Received-SPF".