# SPF records

#### WHAT IS THE SPF RECORD?

As the SMTP protocol was originally designed, any computer could send an email with any sender address. This makes the job of spammers simple, as they can easily falsify sender addresses (Return-Path headers). SPF remedies this by letting a domain define which servers may send mail from email addresses that belong to that domain. This information must be published in the [TXT](https://admin.dotroll.com/knowledgebase/25/txt-record.html?swcfpc=1) record for that domain.

SPF does not take one important part of SMTP operation into account: email forwarding. If a server is configured to forward mail to a specific address, and the server that receives the forwarded mail checks SPF, it may reject a genuine message because the message was not delivered by a server permitted in the SPF record.

Attempts have been made to solve this problem, but they can only work if all servers on the Internet implement them.

#### QUERYING SPF RECORD

You can query the TXT record with the nslookup command on Windows, or with the host command on Linux.

Example of a Windows-based nslookup query:

```
nslookup -q=TXT dotroll.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
dotroll.com text = "v=spf1 mx a:staffmx.dotroll.com a:staffmx1.dotroll.com ip4:80.77.113.20 ip4:80.77.113.30 ip4:185.33.52.53 a:admin.dotroll.com a:online1.int.dotroll.com ~all"
```

Example of a Linux-based host query:

```
host -t TXT dotroll.com
dotroll.com descriptive text "v=spf1 mx a:staffmx.dotroll.com a:staffmx1.dotroll.com ip4:80.77.113.20 ip4:80.77.113.30 ip4:185.33.52.53 a:admin.dotroll.com a:online1.int.dotroll.com ~all"
```

#### SPF RECORD FORMAT

The SPF record always begins with `v=`. This indicates the SPF version used. Currently, version `spf1` must be configured, as this is the most common version of SPF that is understood by mail servers. One or more values may follow the version. These determine which servers may send mail for the domain name.

Globally usable elements:

| Usable elements | Result | Description |
| --- | --- | --- |
| `+` | Pass | Specifies a server through which mail can be sent; this is the default operating mode |
| `-` | Fail | Specifies a server through which no mail can be sent |
| `~` | SoftFail | Specifies a server through which mail cannot be sent, but which is temporarily enabled |
| `?` | Neutral | Determines that nothing can be said about validity |

These elements can be used with the items listed in the table below.

| Usable elements | Description |
| --- | --- |
| `ip4` | IPv4 addresses, which can be specified in CIDR format, that can deliver or forward mail for the domain name. |
| `ip6` | IPv6 addresses, which can be specified in CIDR format, that can deliver or forward mail for the domain name. |
| `a` | Any host name that can send or forward mail for the domain name. |
| `mx` | Any mail server host name that can send or forward mail for the domain name. |
| `ptr` | Any host name that can send or forward mail for the domain name. Its use is not recommended. |
| `exists` | If this value is set, the specified domain name is queried, and if a match is found for the specified IP addresses, mail can be sent or forwarded for the domain name. |
| `include` | Any additional domain name that can deliver or forward mail for the domain name. |
| `redirect` | The current SPF record of the domain name is replaced by the SPF record of the domain name specified here. |
| `exp` | A brief explanation of what to do after a message is rejected. |
| `all` | Determines the strictness of the items set in the SPF record. |
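
The following Python example is an addition to this article, not code from DotRoll: it splits a record in the format described above into its terms and applies the `ip4`, `ip6` and `all` terms to a sender IP without any DNS lookups. The function names `parse_spf` and `evaluate_offline` are hypothetical, the sample record is the one returned by the queries shown earlier, and `192.0.2.1` is a documentation address chosen for illustration.

```python
import ipaddress

# The four SPF qualifier symbols and the results they map to.
QUALIFIERS = {"+": "Pass", "-": "Fail", "~": "SoftFail", "?": "Neutral"}

# Sample input: the TXT value returned by the queries shown earlier on this page.
SAMPLE = ("v=spf1 mx a:staffmx.dotroll.com a:staffmx1.dotroll.com "
          "ip4:80.77.113.20 ip4:80.77.113.30 ip4:185.33.52.53 "
          "a:admin.dotroll.com a:online1.int.dotroll.com ~all")

def parse_spf(record):
    """Split an SPF record into (result, name, value) terms (hypothetical helper)."""
    words = record.split()
    if not words or words[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    terms = []
    for word in words[1:]:
        if "=" in word.split(":", 1)[0]:
            # Modifier such as redirect= or exp=: it carries no qualifier.
            name, value = word.split("=", 1)
            terms.append((None, name.lower(), value))
            continue
        # A mechanism without a qualifier symbol defaults to "+" (Pass).
        symbol, body = (word[0], word[1:]) if word[0] in QUALIFIERS else ("+", word)
        name, _, value = body.partition(":")
        terms.append((QUALIFIERS[symbol], name.lower(), value))
    return terms

def evaluate_offline(record, sender_ip):
    """First match wins; returns (result, needs_dns). Only ip4/ip6/all are decided."""
    # The result holds only if no earlier mechanism in needs_dns matches the sender.
    ip = ipaddress.ip_address(sender_ip)
    needs_dns = []
    for result, name, value in parse_spf(record):
        if result is None:
            continue  # modifiers (redirect, exp) are not followed in this example
        if name in ("ip4", "ip6"):
            if ip in ipaddress.ip_network(value, strict=False):
                return result, needs_dns
        elif name == "all":
            return result, needs_dns
        else:
            needs_dns.append(f"{name}:{value}" if value else name)
    return "Neutral", needs_dns  # no mechanism matched (RFC 7208 default)

if __name__ == "__main__":
    for ip in ("80.77.113.30", "192.0.2.1"):  # second address is a documentation IP
        print(ip, evaluate_offline(SAMPLE, ip))
```

The second element of the return value lists the `mx` and `a` terms that a full check would still have to resolve through DNS before the reported result can be relied on.
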

#### ADDING SPF RECORD

1. Sign in at [https://admin.dotroll.com](https://admin.dotroll.com/?swcfpc=1) with your username and password.
2. In the top menu bar, click the **Domains** / **My Domains** menu.
3. Select the domain name for which you want to make the change and then click on it.
4. In the **Manage** box on the left, select **Manage DNS**.
5. At the bottom of the page, click **Add**.
   - In the first field, you can enter a subdomain name, or leave it blank.
   - In the second field, you can select the TTL value; the default is typically 1 hour.
   - Select **SPF** from the next drop-down list.
   - Set the desired values.
6. Then click **Save Changes**.