SPF Record Format: Common Problems and Solutions

  • 0
  • December 2, 2014

SPF Record Format – Overview and Importance

SPF (Sender Policy Framework) is an email validation system designed to help prevent spoofing.  You can read all of the technical details here, but it is fundamentally a text file that tells the internet who is authorized to send email on your behalf. For example, if an email is sent with an invalid or missing SPF record, Gmail or Yahoo might assume the sender is a fake and not deliver your email. Getting your SPF record format correct is vital to a good email program.

We often see errors in SPF records that can have significant impacts on deliverability.  In the example shown below, a typo was introduced during an update to the SPF record on May 17.  The open and click rates for transactional email to gmail.com almost immediately dropped by over 50%.  Customers reported that important notifications, including password reset emails, were ending up in the Gmail spam folder.  When the SPF typo was corrected on June 7, the Gmail open and click rates almost immediately recovered.

Unfortunately, this customer didn’t have Email Copilot turned on until June 7 when our system almost immediately identified the issue. Among many other things, Email Copilot monitors your SPF record, automatically alerts you when we detect a problem, and will work with you to resolve it.

Check out the interactive graph below for this incident!

 

Common Problems and Solutions

No SPF Record

Problem: All major mailbox providers recommend that you create an SPF record for your domain.  Google writes “If your domain does not have an SPF record, some recipient domains may reject messages from your users because they cannot validate that the messages come from an authorized mail server.”

Solution: Create an SPF record that gives your email service provider (ESP) permission to send email on your behalf.  You need to do this for every domain that you send email from. Instructions are generally available from your ESP, for example SendGrid, Mandrill, and Exact Target.

SPF Does Not Include Your ESP

Problem: Your SPF record is valid, but does not list your ESP.

Solution: Update your SPF record to include your ESP.  Make sure you also include any other domains that are authorized to send email on your behalf.  Common examples include CRM software, the mailbox provider that your company uses to send individual email, and your own servers.

Multiple SPF Records

Problem: The SPF standard only allows one record per domain.  Multiple records can confuse mailbox providers, especially when they are conflicting.

Solution: Consolidate all SPF records to a single entry.  The record should be a single line, starting with v=spf1 and ending with ~all, -all or ?all.  Also, it is now recommended to only have a TXT record rather than having both a TXT record and a SPF type 99 record.

Typo in SPF Record

Problem: A typo in your SPF record may make it invalid.

Solution: Use an SPF record validation tool.  The most common typos are missing spaces between entries, commas to separate entries and misspelled domain names.

Example

A customer uses SendGrid, Google Apps, and their own servers to send email.  Their SPF record is:

v=spf1 include:_spf.google.com ~all
v=spf1include:sendgrid.net~all

The problems with this SPF include:

  • Their MX server isn’t included,
  • Multiple SPF records, and
  • The lack of spaces in the second SPF record makes it invalid.

The correct SPF record would be:

v=spf1 a mx include:_spf.google.com include:sendgrid.net ~all

Comments

comments