SPF Configuration Settings & Setup

Understand your SPF configuration settings and setup SPF record delegation to enable management through Sendmarc

Sections in the article:

 

To enable management of your SPF record, you'll first need to add your domain to Sendmarc. Once your domain is added you can setup DNS delegation for your SPF record. This means that your SPF record in your DNS is pointed to our servers which contains the settings of your SPF record.

Setup & Verify SPF delegation

 

If this is your first time editing your domain, it is important to validate the imported settings against your existing DNS records to ensure that no records were missed as Sendmarc will only import valid records. You'll need to manually add the authorized senders and settings that failed to import. Be sure to do so before enabling DNS delegation. SPF management is only available for specific account account plans.

Steps to follow:

  1. Navigate to Domains in the left navigation bar.

     
  2. Click on the domain you wish to configure and then click Edit. Or click the Pencil Icon of the domain you wish to edit.
     
  3. Click on SPF Settings to confirm the correct settings have been imported/applied and make necessary adjustments where needed.
     
  4. Once you're happy with your settings expand Your DNS Configuration section to reveal the DNS record required to enable SPF management for your domain. You'll also see a RAW record displayed; this is the hosted record that Sendmarc compiles based on the settings you have set in the platform.

     

    The DNS Configuration section will contain:

      • DNS Record - This is the new DNS record to enable SPF delegation.
      • Verification Status - Indicates the various states of verification with the date and time of that the last validation occurred.
      • Raw SPF Record - Displays the raw SPF record that contains the policy and settings as imported and modified by you. Do NOT use this record, follow the setup instructions to enable delegation.
  5. Now add the TXT record to your DNS to enable delegation. The process of updating your DNS may differ depending on your hosting provider. Visit the Service Provider Section for more information.
  6. Click Verify to validate your newly added DNS record. It may take some time for the record to reflect, but Sendmarc will continue to attempt verification in the background.
  7. Once your setup has been fully verified you've successfully delegated the management of your SPF record to the Sendmarc platform. This will be indicated by a green tick.

 

Various States of Verification

  • Verified - Matching TXT record found and SPF delegation is enabled
  • Unverified - No Matching TXT record found

 

Sendmarc needs to verify whether your SPF record contains the valid delegated record before you can start managing your SPF settings through our platform. The record inside of your DNS needs to be the exact record that was provided in the setup instructions. If correct, your SPF setup will be set to "verified" and your SPF settings can be managed through our platform.

If you have just created a new domain and the verification is failing, please allow the full Time To Live (TTL) of the domain to lapse its configured period and try validation again.

 

SPF Configuration Settings

Understand the various settings available for your SPF record, these settings will only take affect if DNS delegation has been implemented and verified. Follow the setup instructions above.

Configuring Authorized Senders


The list of Authorized Senders that appears in the list are those you have configured as legit senders. This list is generated in one of three ways:
  1. Automatically imported during domain creation
  2. Manual Import or Re-Import (If your SPF record has not yet been verified/delegated you can choose to re-import the existing SPF record, by clicking Re-import SPF Settings and Sendmarc's Smart Import Technology will import it for you. It will only import the valid records and Authorized Senders not already on the list.)
  3. Manually added and configured by you

 

You can modify each of the Authorized senders by holding your cursor over the specific record and clicking on the Pencil icon to edit the directive. This will allow you to verify settings and update the directive accordingly. To change the order of the directives, use the Dotted icon to drag each directive up or down into the correct place.

 

 

To add a new Authorized Sender or Directive click ADD SPF SETTINGS.

 

 

For each of the records you can specify:
    • Designated Sender Mechanism (Include, Exists, A, MX, ip4, ip6)
    • Mechanism Qualifier / Record Qualifiers
      • "-" fail
      • "~" soft fail
      • "?" neutral (Not Recommended)
      • "+" pass (Not Recommended)
    • Host / Address / Macro Value (Changes based on mechanism selected)
    • Notes - Used for notes

  

SPF Optimization

SPF Optimization is disabled by default, when enabled it will reduce all your SPF includes (Authorized Senders) down to the IP level when the lookup limit is reached. Learn more about SPF Optimization
 

 

Top Level SPF Record All Term


This option allows you to choose how you would like senders not listed as an Authorized Sender to be treated, also known as "Termination Mechanism". The options are:
  • "-" fail - Fail unauthorized senders
  • "~" soft fail - Soft fail unauthorized senders
  • "?" neutral - Neutral stance on unauthorized senders (Not Recommended)
  • "+" pass - Allow unauthorized senders (Not Recommended)

 

Need Help?

support@sendmarc.com is standing by to assist!