Implement SPF records for Email
search cancel

Implement SPF records for Email


Article ID: 161394


Updated On:




A Sender Policy Framework (SPF) record is a type of Domain Name Service (DNS) TXT record that identifies which mail servers are permitted to send email on behalf of a domain. SPF records detect and prevent spammers from sending messages with forged "From" addresses on a domain.

Symantec recommends that you include Symantec Email references in your SPF Record, even if your email is not generally routed outbound through Including these references help prevent situations where email flows through Symantec servers for other reasons, such as email sent to another customer.

Implementing the SPF record also helps more accurately detect spoofed messages that pretend to be from your domain.


Implement SPF records

  1. Log in to your domain host account.
    See Find my domain host.
  2. Navigate to your domain host's DNS or Name Server management page.
  3. If you do not have other servers to authorize, you can set up the following string in the applicable zone file as a TXT Record. This string publishes the records in test mode (i.e. soft mode).

    v=spf1 ~all

    Note: Publishing in soft mode is primarily for testing purposes, and does not stop email spammers.
  4. Once you have confirmed that the record works as intended through test mode, you can publish in hard mode. This indicates to the receiving server that if the IP address is not authorized within this record, the server should discard the message:

    v=spf1 -all

    Note: SPF consists of a number of variables that can be set on a trial basis when in test mode. When you switch from the test mode to the hard rule, the variables are enforced.
  5. If you have other servers to authorize such as Microsoft Office 365, they can be included in your record based on the set-up as advised by the server's administrator. However, you must ensure that your record also contains the following entry:

The final record should look as shown below:

v=spf1 -all
  1. Once the SPF record is published, ensure that is checking the SPF record for incoming email. To validate this, log in to the console, and check the SPF setting under Services > AntiSpam.
  2. Please ensure there is only one SPF record published in your DNS per domain. All your authorized servers should be listed in a single SPF record.

Note: SPF consists of a number of variables that can be set on a trial basis when in test mode. When you switch from the test mode to the hard rule, the variables are enforced.

Find my domain host

  1. Go to the ICANN Whois Lookup website.
    ICANN is a non-profit organization that compiles domain information.
  2. Enter your domain name, and click Lookup.
  3. Type the CAPTCHA text if prompted.
  4. In the results page, look for the Registrar section for the name of your domain host. For example:
    • Registrar:, LLC
    • Registrar URL:

Add SPF records for common hosts

Technical Information

A sender policy framework (SPF) record is an authentication protocol that helps prevent email spammers from forging the RFC 5321 MailFrom field (also known as the envelope sender) in an email. SPF enables the owner of a domain to specify which mail servers are allowed to send mail on that behalf of the domain.

The principle of operation is as follows:

  1. An email is sent to a recipient performing SPF validation.
  2. The recipient obtains the DNS records of type TXT for the sending domain, looking for an SPF record.
  3. The receiver compares the IP address of the sender against what is authorized in the domain's SPF record.
  4. SPF either passes or fails validation, depending on whether or not the sending IP address is found in that record.