Prerequisites
Before setting up SPF, make sure you have:
- A domain name you control
- Access to DNS management
- Your email server IP address
Step 1: Determine Your SPF Record
The SPF record is a DNS TXT record that lists authorized email servers for your domain.
Basic format:
v=spf1 ip4:YOUR_VPS_IP a mx ~allCommon SPF Mechanisms
- ip4:IP – Allow a specific IPv4 address
- ip6:IPv6 – Allow specific IPv6
- a – Allow the domain's A record IP
- mx – Allow the domain's MX record IPs
- include:example.com – Include another domain's SPF record
Qualifiers (Ending of SPF record)
- + – Pass (default)
- - – Fail (hard fail – recommended)
- ~ – SoftFail (accept but mark as suspicious)
- ? – Neutral
Step 2: Build Your SPF Record
Example for VPS sending email directly:
v=spf1 ip4:148.113.173.106 -allExample using include for email service (e.g., SendGrid):
v=spf1 ip4:148.113.173.106 include:sendgrid.net -allStep 3: Add SPF Record to DNS
In your domain's DNS settings, create a TXT record:
- Name/Host: @ (or your domain)
- TTL: 3600
- Value: v=spf1 ip4:148.113.173.106 -all
If your provider requires separate host, use the domain itself.
Step 4: Verify SPF Record
Use dig:
dig txt example.com +shortOr online tools like MXToolbox SPF Check.
Step 5: Test Email for SPF
Send an email to a Gmail account and check the original headers for:
Authentication-Results: spf=pass✅ SPF record added. This helps prevent your domain from being used for email spoofing.