In Part 1 of this post we examined how SPF works. Now we’ll go into how to create and publish SPF records.

Creating an SPF record for your domain

The procedure outlined below can be divided into several stages:

  1. Determine the domain name which is used to send emails to the internet
  2. Determine the public IP address(es) that are used to send emails
  3. Create your SPF record
  4. Publish the SPF record on your DNS Server

Determine the domain name which is used to send emails to the internet

An SPF record is created for a domain, so you first need to identify which domain your emails to the internet are sent from. The domain is the last part of your email address. For example:

Email Address: user[at]gfi.com
Domain: gfi.com

Determine the public IP address(es) that are used to send emails

To determine whether an email has been received from a legitimate sender, SPF compares the IP address of the sending mail server with the contents of the SPF record. To configure an SPF record properly, you need to obtain all the public IP addresses which are used to send emails to the internet from your domain.

Create your SPF record

The site at http://www.openspf.org/ offers a step-by-step wizard which explains how to create your SPF record. The following procedure will guide you through the wizard:

  1. Open http://www.openspf.org/ in a web browser
  2. In the ‘Deploying SPF’ section, enter the domain which will be used for the SPF record and click ‘Go!’
  3. Complete the form with the details required to create your SPF record.
  4. Once completed, confirm that the data you have entered is correct and click ‘Continue’.
  5. The SPF record text will be shown at the bottom of the form.

Publish the SPF record on your DNS Server

In order for the SPF record to be queried, it must be published on the authoritative DNS server for your domain. The DNS Server could be hosted locally within the organization or managed by your ISP.

If your DNS records are managed by your ISP, you will need to provide the text from the SPF Setup Wizard to your ISP and ask them to add it to the TXT record of your domain.

If the domain is hosted on a local DNS server, you should manually add the TXT SPF record to your DNS Server. The following procedure explains how to add a TXT SPF record on the DNS server included with Windows 2003 Server:

  1. Login to the DNS server using administrative privileges
  2. Open the ‘DNS’ Console in ‘Administrative Tools’
  3. Expand ‘DNS’ > ‘Forward Lookup Zones’
  4. Select and open the domain to which you wish to add the SPF record. Right-click in the record list and select ‘Other New Records…’ from the menu.
  5. Select the ‘Text (TXT)’ record and click on the ‘Create Record…’ button
  6. Type the SPF record data in the ‘Text’ textbox. Click the ‘OK’ button.
  7. Click on the ‘Done’ button to close the window. The SPF record is now added.
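
An added example (not from the original post or the openspf.org wizard) that carries stages 2 to 4 through in Python: it builds the record from the sending IP addresses, splits it into TXT strings, and checks what a TXT lookup should return once the record is published. The addresses are documentation ranges standing in for real senders, the `-all` policy is an assumption, and all function names are hypothetical.

```python
import ipaddress

# Ranges that are never valid public senders (RFC 1918, loopback, link-local, ULA).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def build_spf(senders, policy="-all"):
    """Build an SPF record from the public IPs or networks that send mail."""
    terms = ["v=spf1"]
    for s in senders:
        net = ipaddress.ip_network(s, strict=False)
        if any(b.version == net.version and net.overlaps(b) for b in NON_PUBLIC):
            raise ValueError(f"{s} is not a public address")
        # A single host is written without a prefix length.
        value = net.network_address if net.num_addresses == 1 else net
        terms.append(f"ip{net.version}:{str(value)}")
    return " ".join(terms + [policy])

def txt_strings(record):
    """Split a record into the <=255-byte strings a TXT record can hold."""
    data = record.encode("ascii")
    return [data[i:i + 255].decode("ascii") for i in range(0, len(data), 255)]

def published_spf(txt_records):
    """Return the single SPF record among a domain's TXT records.

    txt_records is a list of TXT records, each a list of strings as a DNS
    query would return them. Receivers join the strings without spaces;
    more than one v=spf1 record is a permanent error, and none means no
    policy is published. Both cases raise here.
    """
    joined = ["".join(parts) for parts in txt_records]
    spf = [r for r in joined if r == "v=spf1" or r.startswith("v=spf1 ")]
    if len(spf) != 1:
        raise ValueError(f"expected exactly one SPF record, found {len(spf)}")
    return spf[0]

# Constructed sample data: documentation addresses standing in for real senders.
SENDERS = ["192.0.2.25", "198.51.100.0/28", "2001:db8::25"]
RECORD = build_spf(SENDERS)
# Constructed TXT answer: the new record next to an unrelated TXT record.
ANSWER = [txt_strings(RECORD), ["site-verification=example"]]

if __name__ == "__main__":
    print(RECORD)
    print(published_spf(ANSWER))
```

If a second `v=spf1` TXT record already exists for the domain, merge the two into one record instead of adding another.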
