Published on 

Protecting your emails with SPF

DNS is no easy topic. It's a complex protocol that powers vast parts of the internet. It's also a protocol that is often misunderstood. In this series of posts, we'll dive into some of the basics of DNS and how you can use it to improve your email deliverability.

This post covers the essentials of SPF (Sender Policy Framework) and what we learned along the way at Plunk. We hope it helps you to improve your delivery too.

Protecting your emails with SPF

What do you use SPF for?

SPF is a protocol that allows you to specify which servers are allowed to send emails on your behalf. It's a way to protect your domain from being used by malicious actors to send harmful emails. Your recipients' email server will look up your SPF record and check if the server that sent the email is allowed to do so.

What happens if I have no SPF record?

If you don't have an SPF record, your recipients' email server has no way of knowing if the server that sent the email is allowed to do so. This means that they will not be able to protect your recipients from malicious actors. This is why it's important to set up SPF.

What happens if the server is not allowed?

If the server is not allowed to send emails on your behalf, the email server will reject the email. This will result in a bounce message in your inbox. Some email servers will accept the email and mark it as spam. This is why you sometimes receive spam emails that appear to come from legitimate senders.

How do you set up SPF?

SPF is a DNS record that you add to your domain. It's a TXT record that will look something like this:

v=spf1 include:spf.protection.outlook.com -all

The first part of the record is the version of the SPF protocol. The second part is a list of servers that are allowed to send emails on your behalf. The last part is a modifier that specifies what to do if the server is not allowed to send emails on your behalf. In this case, we're telling the email server to reject the email.

Is SPF enough?

SPF is a great way to protect your domain from being used by malicious actors. However, it's not enough to protect your domain from being used by spammers. Spammers can spoof the sender address and make it look like the email is coming from your domain. This is where DKIM comes in.