Sender Policy Framework (SPF)

Updated on 20-October-2016 at 10:16 AM

Business Catalyst End of life announcement - find out more details.

This document is addressed only to customers that are NOT using Business Catalyst's internal DNS service.

For sites that are using our DNS service (have the domain name configured as "internal" we add the SPF record automatically.

SPF General Overview

SPF also known as Sender Policy Framework is a protocol that helps you control forged e-mail. SPF is not directly about stopping spam, junk email. It is about giving domain owners a way to say which mail sources are legitimate for their domain and which ones aren't. While not all spam is forged, virtually all forgeries are spam. SPF is not anti-spam in the same way that flour is not food: it is part of the solution.

If a domain publishes an SPF record, spammers and phishers are less likely to forge e-mails pretending to be from that domain, since the forged e-mails are more likely to be caught in spam filters which check the SPF record. Therefore, an SPF-protected domain is less attractive to spammers and phishers. Since an SPF-protected domain is less attractive as a spoofed address, it is less likely to be blacklisted by spam filters and so ultimately the legitimate e-mail from the domain is more likely to get through.

How it works

Let's say a spammer forges a address and tries to spam you. They connect from somewhere other than Yahoo.

When his message is sent, you see MAIL FROM: < >, but you don't have to take his word for it. You can ask Yahoo if the IP address comes from their network.

(In this example) Yahoo publishes an SPF record. That record tells you (your computer) how to find out if the sending machine is allowed to send mail from Yahoo.

If Yahoo says they recognize the sending machine, it passes, and you can assume the sender is who they say they are. If the message fails SPF tests, it's a forgery. That's how you can tell it's probably a spammer.

This is definitely something that I want so what should I do next to have this in place?

Since you are not using Business Catalyst's hosting service you need to go to your hosting provider and create the following record:

Record name should be something like @(or enter the non-WWW domain) to map the record directly to your domain name

Record type should be TXT

Record value should be v=spf1 mx ~all

Record TTL should be 1 day (86400 seconds) - TTL represents how long the server should cache the information.

You have below links on how to add TXT records from some of the biggest hosting providers:

GoDaddy -