How To Create SPF DNS Record for better Email Security

Sender Policy Framework (SPF) is an email authentication method designed to detect forging sender addresses during the delivery of the email.^[1] SPF alone, though, is limited only to detect a forged sender claimed in the envelope of the email which is used when the mail gets bounced.^[1] Only in combination with DMARC can it be used to detect the forging of the visible sender in emails (email spoofing^[2]), a technique often used in phishing and email spam

SPF is a DNS TXT record. The right syntax can be achieve through online SPF wizards, just follow the instraction on the wizrads :

https://www.spfwizard.net/

https://mxtoolbox.com/SPFRecordGenerator.aspx

https://www.spf-record.com/generator

https://www.zerobounce.net/services/spf-generator.html

Next you will have to take the text line and create TXT recornd on you domain DNS provider. Few things to pay attentions to:

1. SPF DNS resolving should never be more then 10 – each setting like: a, mx, ipv4, is one resolve, “include” option might add the domain you include and all the resolving in it so be aware of that.
2. Do not do loop resolving – for example you include your domain and a “mx” or “a” option pointing to the same server or ip
3. “include” option can be add twice only ! – do not use “include” more the 2 times as the resolving time will be to long.
4. “PTR” option is deprecated – try not using this option as it is not safe enough.
5. IPV4 option get resolved faster – better if you have long record.
6. Do not have more the one SPF record – More then one SPF DNS TXT record will cause error in auth mechanism.

Once you created the record you must check the validity of the SPF record, you can do it online on this sites:

https://www.spf-record.com/analyzer

https://www.kitterman.com/spf/validate.html?

https://www.spf-record.de/spf-lookup/

Good Luck

To Create Dmarc record you can use this web site :

https://easydmarc.com/tools/dmarc-record-generator