SPF for a Well-Known Sender Examples

TIP: This example uses illustration from a system configured to demonstrate the concepts explained here. Your system may appear differently.

Google

  1. Go to Diagnostics > Senders.
  2. Select Single Domain, and then select one of your domains to view the senders for that domain.
  3. If you use Google as your email provider (for example, you are a G Suite environment), you will find Google listed in the Senders:

    Note that the SPF Record column indicates that no SPF record was found for the selected domain.

  1. Click the Sender Profile link for Google to view Agari’s information about the sender:

The Important Information section at the top of the Sender Profile page contains information on whether the sender supports aligned SPF, and if so, instructions for achieving it. (You can also see your SPF pass rate and whether other Agari customers have been successful achieving SPF authentication with this sender.).

Following the links in the Sender Profile page, you will learn that when you add the following to your SPF record for the selected domain:

include:_spf. google .com

...it will authorize Google’s IP addresses for that domain.

Your new SPF record can take up to 48 hours to go into effect, but it usually happens more quickly. Once it does, you will see the SPF Record indicator change to show that you have included the Sender in the SPF record for your selected domain:

The SPF Pass column will show the percentage of messages from that sender the pass SPF alignment for the domain.

(In the case of G Suite, you use G Suite’s Postmaster tools to add and verify the domain in order to achieve SPF alignment. See https://support.google.com/mail/answer/6227174 for more details.)

Zendesk

Repeating steps 1 and 2 above, you may notice on the Senders page that your organization also uses Zendesk for the selected domain:

  1. Click the Sender Profile link for Zendesk to view Agari’s information about the sender:

Following the links in the Sender Profile page, you will learn that when you add the following to your SPF record for the selected domain:

include:mail.zendesk.com

...it will authorize Zendesk’s IP addresses for that domain.

At this point, you proposed SPF record would include authorization for both senders, Google and Zendesk:

v=spf1 include:_spf.google.com include:mail.zendesk.com ~all

NOTE: You add approved senders to a single SPF record for a domain to authorize them. Do not create a separate SPF record for each sender. Instead, increase the SPF record (but be aware of the 10 DNS mechanism lookup described in SPF Record Syntax.)