How to set up SPF for improved email delivery

What is SPF and why should you enable it?

SPF (Sender Policy Framework) is a DNS-based method to validate an email message as being sent from a trusted email server.

As a domain owner, you can specify which mail servers on the internet are permitted to send emails on behalf of your domain and improve the trust and reputation of your outgoing emails when they are received and processed by your recipient's email server.

Not only does setting up a strict SPF policy improve the chance that your emails will be delivered to your recipient's inbox, but it also reduces the chances your customers might receive a fraudulent phishing email claiming to be sent from you. Your SPF policy can be set up to indicate if an email was sent from an approved server or by a rogue server on the internet.

Our SPF Record

Softfail vs fail

In the early days of SPF before DMARC joined the scene, the correct way to end an SPF record was to specify how strict you wanted your SPF record to be.

The way to do this was to specify if your record was a "NOT PASS" or "NOT PASS AND DISCARD" record.

This was done by including either "~all" for a soft fail or "-all" for a hard fail and discard.

The original design was to allow its users to inform about email validity, but also to specify what should happen if an SPF test fails. Over time incorrectly configured SPF records became a common cause of valid emails being deleted by webmasters without a firm understanding about SPF and its implications and mail providers stopped discarding emails altogether.

From time to time, you can find an email server that still honors the discard flag, but the number who do is very small.

Configuring your record as a discard "-all" record can still convey confidence in your SPF record and make it more likely that a failed test will cause a fraudulent email to be discarded by email servers not yet using DMARC but take care to make sure you're confident your SPF record is correct before doing so.