Build and Propose a New SPF Record
The process for proposing a new SPF record should be the same for all domains that you plan to protect. At a high level, the process is as follows:
- Use the Senders page in DMARC Protection to identify senders for a given domain.
- Find SPF instructions for that sender and publish an SPF record:
  - View the sender profiles for well-known senders in DMARC Protection to learn if the vendor supports SPF.
  - Use the data for custom senders to enumerate the IP addresses that you control.
  - Work with the senders (well-known or custom) to ensure that SPF alignment is achieved.
- Monitor progress via the Senders page and the Analyze > Email Traffic pages.
- Update/modify your SPF record for the domain to account for all potential senders.
  - You can also refer to “Using the EasySPF™ Analyzer for an SPF Record.”
- When you are confident that you have accounted for all senders for a domain in its SPF record, update the SPF record to use a “-all” policy.
You will repeat each of the above steps for each domain you plan to protect.
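The following Python sketch is an added example, not part of the original page or of DMARC Protection: it assembles a record from the vendor include domains and custom IP addresses gathered in the steps above, and checks it against the RFC 7208 limit of 10 DNS-lookup terms before you move from "~all" to "-all". The domains and addresses are constructed placeholders, and includes nested inside a vendor's own record are not resolved or counted.

```python
import ipaddress

MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4 limit on DNS-querying terms


def build_spf(includes, ips, enforce=False):
    """Build an SPF TXT value; enforce=True ends in -all, otherwise ~all."""
    terms = ["v=spf1"]
    for item in ips:
        net = ipaddress.ip_network(item)  # ValueError on malformed input
        value = net.network_address if net.num_addresses == 1 else net
        terms.append(f"ip{net.version}:{value}")
    terms += [f"include:{domain}" for domain in includes]
    terms.append("-all" if enforce else "~all")
    return " ".join(terms)


def count_lookups(record):
    """Count top-level terms that cost a DNS lookup (nested includes ignored)."""
    count = 0
    for term in record.split()[1:]:
        name = term.lstrip("+-~?").lower()
        if name.startswith(("include:", "exists:", "redirect=")):
            count += 1
        elif name.split(":")[0].split("/")[0] in ("a", "mx", "ptr"):
            count += 1
    return count


def check(record):
    """Return a list of problems; an empty list means these checks passed."""
    problems = []
    if not record.startswith("v=spf1 "):
        problems.append("missing v=spf1 version tag")
    if count_lookups(record) > MAX_LOOKUPS:
        problems.append("more than 10 DNS-lookup terms")
    if len(record) > 255:
        problems.append("over 255 bytes; split into multiple TXT strings")
    return problems


if __name__ == "__main__":
    # Constructed inputs: one vendor include and two custom sender ranges.
    vendors = ["spf.mailvendor.example"]
    owned = ["192.0.2.10", "198.51.100.0/24"]
    monitoring = build_spf(vendors, owned)
    print(monitoring, check(monitoring))
    print(build_spf(vendors, owned, enforce=True))
```

Publish the "~all" form while the Senders page still shows unaccounted sources, and regenerate with `enforce=True` only once `check()` returns an empty list for the final sender set.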
Some examples to illustrate the process:
References
Here are a few additional references that can help you understand the process of enabling SPF authentication for your domains.
Google G Suite Administrator Help, “Authorize Senders with SPF:”
https://support.google.com/a/answer/33786
Microsoft Office 365 Help, “Set up SPF in Office 365 to help prevent spoofing:”
https://technet.microsoft.com/en-us/library/dn789058(v=exchg.150).aspx
Wikipedia entry for SPF:
https://en.wikipedia.org/wiki/Sender_Policy_Framework
IETF RFC 7208, “Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1”
https://tools.ietf.org/html/rfc7208
Word to the Wise blog, “Authenticating with SPF: -all or ~all”
https://wordtothewise.com/2014/06/authenticating-spf/
Global Cyber Alliance, “Introduction to the Sender Policy Framework (SPF): A Closer Look”
https://www.youtube.com/watch?v=oEpU-iqBerI