Last Updated: February 25, 2016
· yourivdlans

SPF record

Recently I found out that emails being sent from our server were getting a softfail on the SPF record. This meant our server wasn't actually allowed to send emails from Some servers would mark these mails as spam.

After digging and pulling a few hairs I found out gmail was using our ipv6 address to validate the SPF record, so our original record didn't suffice.

A simple SPF record could look like this:

v=spf1 a mx -all

Which will validate all the "a" and "mx" records for the domain and disallow all others.

When using google apps the suggested record would be:

v=spf1 a mx -all

And in our case we would use something like the following:

v=spf1 a mx ip6:0000:0000:0000:0000:0000:0000:0000 -all

See the syntax for all possible modifiers and options.

Also, a few testing tools could come in handy.

Lastly, you could use gmail to see if it passes the SPF check. Just open the original for an email and look for a line which begins with "Received-SPF".