Knowledgebase: Email
User's Guide to SPF
Posted by , Last modified by Ashley L on 22 November 2019 04:48 PM

Using SPF

Sender Policy Framework (SPF) is an email validation system designed to prevent spam by detecting email spoofing, similarly to how DKIM authenticates email. However, SPF is a much more involved system and involves much more user input to ensure proper functionality. The key to configuring SPF is knowing who should send mail on your behalf. If, for example, you use external email services for newsletters, mailing lists, shopping carts (that send email on your behalf), or host your email elsewhere, SPF will need configured beyond the default settings.

Odds are 3rd party services you use will provide you with "includes" and ipv4/ipv6 settings to add to our SPF settings. You can use the instructions below to make adjustments to your SPF, just note that SPF will absolutely destroy your mail deliverability if misconfigured. Do not hesitate to reach out to us if you have any questions whatsoever. 

Configuring SPF

  1. First you will want to navigate to the Fused client area here and log in
  2. Once you are logged in, click the "Services" text on the blue bar at the top of the screen (just below the Fused branding). From the drop down menu that appears, click on "My Services"
  3. On this page you should see your services listed by domain. For any active domain for which you want to configure the SPF options, you may click on the green "Active" button to the far right of the domain to advance
  4. You will then be taken to a page displaying the details of the service for this domain. On the left should be a table labeled "Actions" containing a list where you will click the "Login to cPanel" option
  5. Once logged in, you will see a search option at the top right of the screen. If you type in "SPF" and press enter, you will be taken to an authentication page detailing your current SPF record and giving the option to "Enable" or "Disable" the SPF status of this domain, along with additional DKIM configuration options and records

Once you have reached the Authentication page of your cPanel for the desired domain, there are a few things to note. Primarily, you will be able to add domains to your specified "authentic" SPF domain list. By default, this list has only "spf.fused.com," but you may add as many additional domains as you'd like in order to send authenticated mail through these domains. In addition, this section will also allow you to add "A" and "MX" records as needed, along with additional IP Address blocks for your domain.

Notice

By default, your SPF record should end in "~all" by default. The "all" means that you are setting the way for the server to deal with all mail not sent from a domain specified in the "+include" section mentioned before. The "~" represents a soft fail default, as opposed to a hard fail.

A "soft fail" means that all mail servers not listed in the SPF record are not authorized to send mail using the sender’s domain, but the owner of the domain is unwilling to make a strong assertion to that effect.

On the contrary, a "hard fail" means that all mail servers not listed in the SPF record are explicitly not authorized to send mail using the sender’s domain.

There are two checkboxes at the bottom of this page. One of which is labeled "All Entry (ALL):". When checked, this box will enable hard fail as the default. It is recommended that this box remain unchecked unless you are certain of what you're doing.

(0 vote(s))
Helpful
Not helpful

Comments (0)