Sender Policy Framework
Sender Policy Framework (SPF) is an email validation system that detects spoofed or forged emails using an SPF record published for the domain, which lists the hosts permitted by the domain's administrators.
An SPF record is a type of DNS record published in the domain's DNS that identifies the email servers permitted to send emails using that domain name. The main purpose of SPF records is to help the receiving server identify spam emails sent using your domain name by spoofing or forging the From email address. We highly recommend that organization users publish SPF records for their domains.
When you send an email using firstname.lastname@example.org from Zoho Mail, the recipient servers refer to the SPF records to check whether the email sent from Zoho Mail is genuine. Some email servers reject emails if there is a mismatch or if there are no valid SPF records for your domain. Generally, you publish SPF records as TXT records with your DNS provider (domain registrar or DNS manager).
The valid SPF record that needs to be published is provided below:
v=spf1 include:zoho.com ~all
You can also publish the SPF record that uses -all instead of ~all. However, in some cases, it may result in delivery problems.
Steps to add SPF TXT record in GoDaddy domain manager:
- Log in to your GoDaddy DNS Manager. Select the My Account menu and choose Domains.
- Expand Domains and click the Manage DNS button for the domain you want to verify.
- The DNS Manager page will open with information about existing DNS records.
- Scroll down to the Records section and click the Add button to add a DNS record.
- Select TXT from the Type drop-down menu.
- In the Host field, specify @.
- In the TXT Value field, enter v=spf1 include:zoho.com ~all
- Click Save.
If you use only Zoho Mail to send emails, remove all the other SPF record types from the DNS. Click 'Save Changes' again to save all the changes. Having multiple SPF records interrupts the SPF check, so the SPF validation may fail and the emails will end up as Spam in the recipient servers.
You can check the SPF records for all the domains you have in the Organization from the SPF Verification section under Email Authentication.
Steps to verify SPF Status for Domains:
- Log in to your Zoho Mail account as Administrator or Super Administrator.
- In the Control Panel, select the SPF section from the left pane.
- All the domains in the organization will be listed.
- Click Verify next to each domain to validate the SPF records for the domain.
- If the SPF records have been validated for all the domains, a message appears indicating the same.
Multiple SPF records are not considered valid according to the Sender Policy Framework.
When you add multiple TXT records of type SPF, it interrupts email delivery and your emails may end up being classified as Spam. As per the RFC specifications for SPF records, a domain should not have multiple SPF records, because this causes the validation to select more than one record.
If you need to use multiple email servers for your domain, update the details in the same SPF record instead of adding multiple entries.
If you send emails from multiple services identified by an IPv4 address, an IPv6 address, and a host name, the syntax of the SPF record is as explained below.
Example: If you send emails from your web host, whose IPv4 address is 192.168.20.25, from another automated server with the IPv6 range ip6:1080::8:800:184.108.40.206/96, and from Zoho, the SPF record should be added as below:
v=spf1 ip4:192.168.20.25 ip6:1080::8:800:220.127.116.11/96 include:zoho.com ~all
Publishing multiple records, such as v=spf1 include:abc.com and v=spf1 include:def.com, is invalid as per the RFC specifications. In that case, you need to add a single SPF record in the format below:
v=spf1 include:abc.com include:def.com include:zoho.com ~all
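The single-record rule above, as an added example that is not Zoho's own code: it flags multiple SPF records and a missing or mistyped include:zoho.com, then merges the mechanisms into one record. The function names and TXT values are constructed for illustration, and no DNS lookups are made.

```python
# Added example: audit TXT records for the SPF problems this page describes.
# All TXT values below are constructed; no DNS queries are made.

def spf_records(txt_values):
    """Return the TXT values that are SPF records, each split into terms."""
    found = []
    for value in txt_values:
        terms = value.strip().strip('"').split()
        if terms and terms[0].lower() == "v=spf1":
            found.append(terms)
    return found

def audit(txt_values, required="include:zoho.com"):
    """Return a list of findings; an empty list means no problem was found."""
    records = spf_records(txt_values)
    if not records:
        return ["no SPF record published"]
    findings = []
    if len(records) > 1:
        findings.append(f"{len(records)} SPF records published, only one is allowed")
    for terms in records:
        mechanisms = [t.lower().lstrip("+") for t in terms[1:]]
        if required not in mechanisms:  # also catches typos such as zoho.con
            findings.append(f"{required} missing from: {' '.join(terms)}")
    return findings

def merge(txt_values, final="~all"):
    """Combine the mechanisms of all SPF records into one record, in order."""
    merged = []
    for terms in spf_records(txt_values):
        for term in terms[1:]:
            if term.lstrip("+-~?").lower() == "all":
                continue  # drop each record's own "all"; one is appended last
            if term not in merged:
                merged.append(term)
    return " ".join(["v=spf1", *merged, final])

# Constructed sample: three separate SPF records plus an unrelated TXT record.
SAMPLE = [
    "v=spf1 include:abc.com ~all",
    "v=spf1 include:def.com ~all",
    "v=spf1 include:zoho.com ~all",
    "site-verification=constructed-token",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
    print("MERGED: ", merge(SAMPLE))
```

Publish the merged value as the only SPF TXT record for the domain and delete the separate ones.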
DNS Provider - Registrar conflict
When you register the domain with one provider but point the nameservers to another provider, the TXT record added at your domain registrar to configure SPF is not considered valid. You might have changed the DNS provider for hosting your website, for your previous email provider configuration, or by your own choice.
Only the TXT records added at the provider to which the nameservers point are effective and valid. Hence, do a 'NameServer' lookup for your domain to check where your domain is hosted. If you are not sure, you may also check with your domain registrar or the technical contact for your domain to find out where the nameservers point.
TTL (Time To Live) is the time specified in your DNS for each change in your DNS to become effective. If you have a large TTL value (24 hrs/ 48 hrs), the TXT record might not be provided during the verification process. It might take up to 12 - 24 hours for DNS changes to take effect, based on the TTL set. Please check the TTL value and try verifying after a while.
Typos/ Spelling Mistakes
Ensure that the TXT Record value that you enter while configuring SPF is in accordance with the value specified in this help page.