May 02, 2009, 5:08 AM — This tip applies to anyone who will be outsourcing any of their outbound email sending from servers other than their corporate email servers. You are likely an IT person who had landed here because someone from the marketing department said ‘Hey IT dude - we started using an ESP and we want to maximize email delivery’. If you are using an Emails Service Provider (ESP) like www.pinpointe.com, Constant Contact or ExactTarget, then this applies. If you are just sending outbound emails from Outlook, then this does not apply.
What is “SPF” and what does it do?
SPF stands for “Sender Policy Framework”, and helps to control forged e-mail. SPF is not directly about stopping spam - it is about giving domain owners a way to say which mail sources are legitimate for their domain and which ones aren’t. While not all spam is forged, virtually all forgeries are spam. SPF was created in 2003 to help close loopholes in email delivery systems that allow spammers to “spoof” or steal your email address to send bzillions of emails from another company’s domain (like yours).
SPF is an open standard - it isn’t owned or controlled by any one body or company. More information about SPF can be found at:
>> http://www.openspf.org/Project_Overview
>> http://old.openspf.org
A Specific SPF Example: Setting your SPF Record and Using Pinpointe as an ESP
Many mail servers are now testing for the presence of SPF records so if you don’t have one your email will probably not be delivered to that server. Hotmail for example started testing the use of SPF records in 2004. To set up SPF, your company’s domain administrator publishes an SPF record in your top-level-domain’s DNS record by adding a specific TXT entry. That may sound confusing, but it isn’t - here’s specifically how to do it.
Assume your domain is ‘mycompany.com’. Also assume that you are sending emails from your regular servers, but your marketing department just signed up with Pinpointe to use Pinpointe’s email marketing solution for email marketing. The first step is to go to the OpenSPF wizard, which will walk you through a few basic questions:
>> old.openspf.com/org/wizard.html
Now enter your domain (’mycompany.com’) and hit the ‘Begin’ button. You will get a screen like this:
Just answer each SPF question
Typically answer the first 3 questions as Yes / Yes / No.
If you know the specific hostnames, mail sever names or IP addresses of outbound email servers, enter them here; if you don’t know, ask your mail administrator. If you still don’t know you can skip these.
‘include’: Here is where you can include your ESP, in this case Pinpointe. Enter: ‘pinpointe.com mypinpointe.com’ — these are the domains we use for our outbound email servers.
For the final question - if you know absolutely for certain that you have defined every email outbound email server for your domain, then select ‘yes’ otherwise, select no. Be careful here - if you select ‘yes’ and in fact there are other email servers, email from them may be blocked in the future.
Here is the resulting record:
“v=spf1 include:pinpointe.com include:mypinpointe.com ?all”
The SPF wizard reports what each field means:
A note here:
The ‘-all’ part means that this SPF record has identified *all* email servers that are permitted to send outbound email for this domain. On one hand, spam filters that verify the SPF record will be happy to see that you have definitively identified all servers (good). On the other hand, if there are any other servers that actually can send email from ‘mycompany.com’, then you’ve just mucked things up. The less conservative option is to use ‘?all’ which basically says to the world “All of the servers I’ve listed here can send on my behalf; there may be other servers who can also send email on my behalf’
You should also review the trade-offs involved in choosing an “all” default: see page 15 of the white paper: http://www.openspf.org/FAQ/Common_mistakes#dont-guess
You can read all the options that you have by visiting: http://www.openspf.org/SPF_Record_Syntax
Installing your SPF Record
Now that we know what SPF record to install, we need to install it. If your domain is registered at GoDaddy for example, go to our domain account manager.
- Select ‘Modify DNS entry for the domain (’mycompany.com’)
- Select ‘Add a TXT Entry / SPF Record’
- Finally, paste in the spf record from the wizard. It should look something like this:
>> “v=spf1 include:pinpointe.com include:mypinpointe.com ?all”
And with that… You’re done!
If you are an IT / tech and are managing your DNS servers directly, here is how you’ll finish making the entry:
If you run BIND:
Paste this into your zone file:
>> mycompany.com. IN TXT “v=spf1 include:pinpointe.com include:mypinpointe.com ?all”
If you run tinydns (djbdns)
Paste this into your zone file:
>> ‘mycompany.com:v=spf1 include pinpointe.com include mypinpointe.com ?all
For more tips on how to improve your email delivery, check out Pinpointe's blog at: www.pinpointe.com/blog
