How to move your SPAM defenses up a notch using SPF (Sender Policy Framework)

SPF is a guide for mail servers, placed in your domain’s zone file, that indicates which servers are allowed to send mail from that domain. For example, only the hosthow.com mail server is allowed to send mail for hosthow.com. Using this, receiving mail servers can check whether or not incoming mail is being sent by an authorized server.

Step 1 - Create your SPF record

Visit openspf.org and use their SPF wizard to create your SPF record.

Here is the record for hosthow.com:

"v=spf1 a mx mx:viper.hosthowservers.com ~all"

When a client tries to send email from hosthow.com, the receiving mail server looks up the SPF record, which in hosthow.com's case means:

v=spf1 declares that the record is SPF version 1

a means that all A records for the domain hosthow.com can send mail

mx means that all MX records for hosthow.com are checked, and all their A records are checked. Remember that when you are using a 3rd Party mail service such as Google Apps Gmail, you need to include their MX server(s) here.

mx:viper.hosthowservers.com means that all of viper.hosthowservers.com's MX records are checked, and their A records checked. This is because the hosthow.com site sends automatic emails such as the website signup confirmations, and they are sent by viper.hosthowservers.com

~all means that this SPF record lists all servers that send mail for hosthow.com, and the tilde ~ means that if a server is not listed here but is trying to send mail, the result should be a "soft" fail: the mail won't be rejected completely but may be marked with a higher chance of being SPAM. You should use this so that if there is a legitimate server problem on your end, your mail is not automatically rejected.
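The evaluation described above, as an added example (not code from the original page): a small Python sketch that walks the hosthow.com record term by term for a connecting IP, the way a receiving server does. The DNS tables, the mail.hosthow.com host name and the documentation-range addresses are constructed for illustration, and only the a, mx and all mechanisms are handled.

```python
import ipaddress

# Constructed DNS data (documentation-range addresses, not real lookups).
A_RECORDS = {
    "hosthow.com": ["192.0.2.10"],
    "mail.hosthow.com": ["192.0.2.25"],          # hypothetical MX host
    "viper.hosthowservers.com": ["198.51.100.7"],
}
MX_RECORDS = {
    "hosthow.com": ["mail.hosthow.com"],
    "viper.hosthowservers.com": ["viper.hosthowservers.com"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
RECORD = '"v=spf1 a mx mx:viper.hosthowservers.com ~all"'  # record from the page


def addresses(mechanism, target):
    """IPs authorised by an 'a' or 'mx' mechanism for the target domain."""
    hosts = [target] if mechanism == "a" else MX_RECORDS.get(target, [])
    return {ipaddress.ip_address(ip) for h in hosts for ip in A_RECORDS.get(h, [])}


def check_spf(record, domain, client_ip):
    """Evaluate terms left to right; the first matching mechanism decides."""
    terms = record.strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF version 1 record
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        # A missing qualifier defaults to "+" (pass).
        qualifier, body = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        mechanism, _, arg = body.partition(":")
        mechanism = mechanism.lower()
        if mechanism == "all":
            return QUALIFIERS[qualifier]
        if mechanism not in ("a", "mx"):
            raise ValueError(f"term not handled in this example: {term}")
        if ip in addresses(mechanism, arg or domain):
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all"


if __name__ == "__main__":
    for sender in ("192.0.2.10", "192.0.2.25", "198.51.100.7", "203.0.113.99"):
        print(sender, check_spf(RECORD, "hosthow.com", sender))
```

With -all in place of ~all, the unlisted sender in the last line would get fail instead of softfail.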

Step 2 - Add your SPF record to the domain's zone file

Log into WHM and click the “DNS Functions” icon. Then, select “Edit DNS Zone”.

On the right, click on the domain in question, and click “Edit”. The DNS zone page will open. Scroll all the way down to the bottom to "Add New Entries Below this Line", where you can enter your SPF record:

New TXT Record

Remember the intentional period "." at the end of hosthow.com, which is required, and select TXT from the drop-down menu. Also note that the SPF record is enclosed in quotes.

Click "Save" to make the change live.

Step 3 - Test your SPF record

There are a few ways to test your SPF record. One is to use OpenSPF's Why page, and another is to check the headers of the emails that are being received. To view the headers of an email, use "View Source" in Outlook, for example, or "View Original Message" in Gmail.

You should see an SPF line, and if it was successful it will be similar to this:

Received-SPF: pass (google.com: domain of wordpress@hosthow.com designates 72.52.252.76 as permitted sender) client-ip=72.52.252.76;

Now all you need to do is look forward to less SPAM!

By: Henry | Filed under: Server Security, Web Hosting Biz
