How to configure Sender-Protection Framework for your domain

User ID:

We publish an SPF record which you can use if your outgoing mail is sent via our mailhubs, at _spf.mythic-beasts.com

You should use the include mechanism to reference this record from your own SPF record. Normally your SPF record will need to go at the root of your domain, which is named as @ in the DNS. So your overall SPF record might look like this:

@    TXT    "v=spf1 include:_spf.mythic-beasts.com -all"

If the DNS for your domain is with us, you can follow the link labelled SPF on the control panel page to add this standard record.

Beware that with this record in place, receiving servers are expected to reject mail that purports to come from your domain but is not sent by our mailhubs. You should be sure that this is the case before using this SPF record. Two particular things to think about are websites that may may legitimately send mail using your domain name, and redirections.

If you need a more complicated SPF record, please feel free to email us for help. The ultimate reference is the SPF standards track RFC.

Note that this record ends with -all, which indicates a fail. If you are publishing an SPF record for the first time, you might prefer to replace -all with ~all which is the less drastic softfail. Unfortunately it can be hard to evaluate the impact of SPF records, since their effect takes place at the receiving end.

Note that you should use a TXT record. There was once an SPF record type, but (for complicated and controversial reasons) this is now deprecated, and is no longer supported by our control panel.