Ensure mail delivery with DNS SPF record

There is nothing more frustrating than not being able to send emails correctly. You want to reach clients with new offers, contact suppliers for additional materials, and communicate inside the company, and all of it runs into problems! What you need is to fix all the issues and missing configurations. Ensure email delivery with a DNS SPF record and a few more DNS record types.

What is the DNS SPF record?

Domain Name System Sender Policy Framework record, or DNS SPF record for short, is a DNS record that indicates which outgoing mail servers a domain name has.

If the MX records show which email servers should handle incoming emails for a domain name, the SPF records show which email servers should send emails on behalf of a domain name.

When you send an email to another person, for example John@site.com, the incoming mail servers of site.com will first check your domain name. They will search for the SPF record and follow the rules that it establishes. Only if the SPF record is present will your email be received without being discarded or put into the spam folder.

What rules can a DNS SPF record establish?

The rules depend on two groups: the qualifiers and the mechanisms of the SPF record.

The DNS SPF qualifiers are:

  • “-” the minus symbol means FAIL. It signals that the messages from the domain must be rejected.
  • “~” the tilde symbol means SOFT FAIL. It signals that the messages from the domain should get a failed tag, but can be allowed too.
  • “?” the question mark symbol means NEUTRAL. It is a signal that there are no policies involved (none).
  • “+” the plus symbol means PASS. It signals that the messages from the domain should be accepted.

The DNS SPF mechanisms are:

  • “all” – If all is present, all mechanisms after it will be ignored.
  • “include” – Include gives you the chance to add more domains that can send emails from the mail servers of the domain where this SPF record is hosted. You can combine site.it, site.co.uk, and site.asia to send from site.com.
  • “a” – If you choose A, then the A or AAAA records will need to match the return path so emails can be allowed.
  • “mx” – If you choose MX, then an MX query needs to be performed and to match the return path. If they match, then it is allowed.
  • “ptr” – If you choose PTR, then a PTR query needs to be performed and to match the return path. If they match, then it is allowed.
  • “ip4” – This will check only A records (IPv4 addresses) to see if the addresses correspond to the domain.
  • “ip6” – This will check only AAAA records (IPv6 addresses) to see if the addresses correspond to the domain.
  • “exists” – For complex queries.
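To show how qualifiers and mechanisms combine, here is an added example (not part of the original post) that parses an SPF record and evaluates a sender IP against its ip4, ip6 and all terms. The sample record and the function names are assumptions made for illustration, and the a, mx, ptr, include and exists mechanisms are only listed as skipped because resolving them needs DNS lookups.

```python
import ipaddress

# Qualifier symbols and the results the list above gives them.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
# Constructed sample record (documentation address ranges, not a real domain's policy).
SAMPLE = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 include:site.co.uk ~all"


def parse_spf(record):
    """Split an SPF TXT record into (qualifier, mechanism, value) terms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: missing v=spf1")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"  # a mechanism written without a symbol means PASS
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if "=" in term:  # modifiers such as redirect= are outside this example
            continue
        name, _, value = term.partition(":")  # ip6 values keep their own colons
        name = name.lower().split("/")[0]     # "a/24" -> "a"
        if name not in MECHANISMS:
            raise ValueError(f"unknown mechanism: {term!r}")
        parsed.append((qualifier, name, value))
    return parsed


def check_sender(record, sender_ip):
    """Return (result, skipped) for sender_ip, left to right, without DNS."""
    ip = ipaddress.ip_address(sender_ip)
    skipped = []  # mechanisms that would need a DNS lookup to evaluate
    for qualifier, name, value in parse_spf(record):
        if name == "all":  # matches every sender, so later terms never run
            return QUALIFIERS[qualifier], skipped
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier], skipped
        else:
            skipped.append(name)
    return "neutral", skipped  # nothing matched and no "all" was present
```

A non-empty `skipped` list means the result is only provisional: a real receiver would resolve those mechanisms before reaching `all`.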

Ensuring mail delivery with DNS records

Several DNS records help you ensure the delivery and the reception of emails: A, AAAA, MX, PTR, SPF, DKIM, and DMARC records.

A – links a domain name to an IP address version 4.

AAAA – links a domain name to an IP address version 6.

MX – shows the mail servers that accept messages for the domain name.

PTR – serves to link an IP address (IPv4 or IPv6) to hostnames.

SPF – shows the mail servers for sending emails for the domain name and policies.

DKIM – encrypts the emails and stops spoofing.

DMARC – uses both DKIM and SPF to provide better overall security.
