In the email world, people send email from domain name
. Every domain name
on the Internet that is setup to send/receive email must route to an IP Address
. This IP address is setup and controlled in a domain name registrars control panel and your hosting services. An IP Address enables a domain name to route across the Internet for things like a website and or email services. Let’s take the below example.
Domain Name: becomethesolution.com -> IP: 192.168.1.1
Becomethesolution.com is setup to IP Address 192.168.1.1. This IP Address was assigned from an email service, like Zoho
. You assign this IP Address to your domain name by logging into your domain name provider control panel.
Awesome. So now, I setup my personal email address on my domain name with Zoho
. You can find this information when you read email header information.
Now, this is where SPF checking comes into play. Sender Policy Framework explicitly defines IP Addresses that are only allowed to send email on behalf of for a domain name. Below is an example of a sender policy framework record.
v=spf1 mx include:zoho.com ~all
You were expecting to see an IP Address(s) in the example above, right? There are. Zoho.com is routing to several IP’s. In the example, our SPF record says only send email from IP’s resolving from zoho.com. An nslookup on zoho.com reveals 2 IP addresses pointing to it right now: 18.104.22.168 & 22.214.171.124. The ~all in the SPF record means if the email does not originate from those IP’s, it will fail to send or receive it.
SPF checking is voluntary and usually setup at the discretion of the email provider or user. Today, however; most organizations (financial institutions) enable this checking due to the increase of phishing and spamming emails.
To enable SPF checking, you must do the following.
- Create an SPF record for your domain name outlined by your email provider
- This is TXT record that is created as Host Record in your domain name provider control panel
- Ensure your email provider enabled SPF checking for receiving email. Likewise, ensure anyone you send email to also have SPF record checking enabled with their provider.
A great tool to lookup any SPF record (or find out if one exists for a domain name) for a domain name on the Internet here