What are SPF Records and how do they Help Email Deliverability?

Technical Guides

10th December 2021 · Hosting and DNS


Examples always help in explaining stuff, so let’s start this article off with one.

Back in the old days, like way back in the Middle Ages, written letters were used for sending messages and communicating. Kings and rulers also wrote letters to their governors and subjects but before the royal envelope was dispatched, it was affixed with a seal that bore testimony to its legitimacy. If the recipient of the imperial missive did not see the royal seal, they would reject it and assume it to be bogus.

Now we aren’t exactly using parchments and scrolls nowadays but there is still a verification test or screening process that our emails or ‘letters’ have to go through. And that is done with the help of SPF records.

SPF records list the IP addresses that have clearance to send emails from your domain. The receiving end checks the SPF record to see whether the IP address that has sent the email is on it (the record) or not. If it is, then it means that the message is legitimate and is from someone who is authorized to send emails on behalf of your domain. If the records don’t include the sending IP address, the email is rejected and assigned to the sad pile of ‘spam’.

Take another example.

Have you ever received an email from Wordpress.com or Google.com saying “Booga Booga, I want to eat some Shuga”?

No, you haven’t. In theory, anyone could send you this message by assuming the name of the domain and making it look like it was from the actual site. But that doesn’t happen because SPF records prevent any party who is not on the list of authorized IP addresses from sending an email on behalf of the domain name. It is a method of creating credibility, basically.

SPF Records: A Deeper Look

SPF stands for Sender Policy Framework. It is classified as a DNS TXT record. DNS TXT records are used for inserting lines of text into the DNS or the Domain Name System. SPF records use this text-entering gimmick to list the authorized IP addresses. That basically means that the list of IP addresses is registered into the DNS as pieces of text.

Let’s take a look at a little graphic to understand how SPF records work.

[Figure: SPF Records: A Deeper Look]

This is pretty basic but it does cover the crux of the matter. The point to note is that there are two servers involved. One is the sender and the other is the narc. The latter stops every mail and checks to see if it is sent by an authorized IP address or not.

The ‘all’ component

That brings us to another important aspect of SPF records: the ‘all’ function. The ‘all’ function is written at the end of the SPF record (you will get a better idea when we discuss the syntax in the next heading) and it decides what happens to the spoof email sent by the bogus sender.

The receiving server has three ways in which it can deal with an email sent from an unregistered IP address.

• The “-all” function: If the word ‘all’ is written at the end of the SPF record with a negative (-) sign, then it means that all emails sent from unregistered IP addresses will be rejected. They won’t be entertained at all.

• The “~all” function: If the 'all' is written with a tilde (~) sign, then it means that the email will be let through but it will be branded as spam.

• The “+all” function: This is pretty much the ‘open the floodgates’ type of scenario. The plus sign indicates that there is no screening process in the SPF record. Every server is authorized to send an email on behalf of your domain.

The Syntax of an SPF Record

[Figure: The Syntax of an SPF Record]

See that mess of letters and numbers up there? That is what an SPF record looks like. And if you take a gander at the end, you will see the 'all' function we have been talking about. In this example, the negative sign is used which means that all unauthorized emails will be rejected.

Let’s break down the syntax a little.

• First up, there is the “v=spf1” component. This part of the syntax is the identification of an SPF record. If a record starts without it, it won’t be recognized by the server as an SPF record.

• Then, there are two IP addresses which are cleared for sending emails from the domain. In this example, there are just two but there can be a lot more.

• The “include:examplesender.email” shows that the website ‘examplesender.email’ is allowed to send emails from your domain name. This can be thought of as a method of collectively giving clearance to a lot of different IP addresses at once. If the SPF record shows that a whole website is authorized to send emails on behalf of your domain, then every IP address associated with that website’s SPF record will be given clearance.

• It's like your dad flashing his card at the entrance of the office building and then letting you and your siblings through the security check. Since the folks know that you’re the kids of the bossman, you are automatically cleared to enter.

• At the end, there is the ‘-all’ function. That was discussed in detail above.
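To see how a receiving server walks through such a record, here is an added example (not code from the original article) that evaluates a sender IP against a record term by term, following an include and applying the qualifier on 'all'. The records in SAMPLE_TXT are constructed with documentation-range addresses in place of real DNS lookups; only the ip4, ip6, include and all terms are handled, and the 10-lookup cap comes from RFC 7208 rather than from this article.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups (RFC 5737 documentation addresses,
# not real records). The example.com record mirrors the shape described above.
SAMPLE_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.10 ip4:198.51.100.0/24 "
                   "include:examplesender.email -all",
    "examplesender.email": "v=spf1 ip4:203.0.113.0/24 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 cap on DNS-querying mechanisms such as include


def check_spf(ip, domain, txt=SAMPLE_TXT, budget=None):
    """Return the SPF result for sender `ip` under `domain`'s record."""
    budget = [MAX_LOOKUPS] if budget is None else budget
    terms = txt.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no record, or not recognised as SPF (e.g. "v = spf1")
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"  # default is +
        name, _, value = term.lstrip("+-~?").lower().partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"
            matched = addr.version == net.version and addr in net
        elif name == "include":
            budget[0] -= 1
            if budget[0] < 0:
                return "permerror"  # too many nested lookups
            inner = check_spf(ip, value, txt, budget)
            if inner in ("none", "permerror"):
                return "permerror"
            matched = inner == "pass"  # the included record's "all" stays inside
        else:
            return "permerror"  # a, mx, redirect etc. are outside this example
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no "all" term
```

An unlisted address such as 192.0.2.99 gets "fail" from example.com: the "~all" inside the included record only means the include did not match, and the outer "-all" decides the result.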

How SPF Records help in Email Deliverability

Suppose you have two cell phones. One is your personal one, and the other one pretty much lies around the house and everyone uses it. You also have some prankster siblings who like to mess around with you by sending messages to your friends while making it look like you’re sending ‘em.

In such a situation, if you use your personal number to send a message to a buddy, he will know that it’s you who’s talking and he will respond. But if you send a message from the other number, he will ignore it since he knows that there is no reliability and no assurance that the sender is actually you and not your joker sibling although it is your number that is showing up.

In the same way, when a domain doesn’t have an SPF record, there will be no credibility in their emails. The receiving end will have no way of knowing whether the sender is authorized or not. All the emails sent will be regarded with suspicion and they will be marked as spam email. You won’t be able to get the attention of your customers and your emails will be sent to the trash folder with contempt.

But when an SPF record is established, it will allow the receiving end to filter the legit emails from the fake ones by checking the incoming IP address.

In essence, SPF records help in email deliverability by increasing credibility and establishing sender integrity.

Why are SPF Records So Important?

In the last heading, we discussed how SPF records help in email deliverability. Due to the added credibility, your emails will have a better chance of ending up in the ‘Primary’ inbox rather than in the ‘Spam’ folder.

Now, this sounds rather mild and it makes it sound like the only consequence of not having an SPF record is that your emails will get marked as 'spam'. But that's not all.

If you don’t have an SPF record, then any person or party will be able to assume your domain name. They could send emails to your clients that could mar your reputation and lead to serious implications for your brand name.

And if your company is gaining popularity, then this sort of action can be motivated by malice and rivalry. Competitors may resort to such a stratagem to diminish your acclaim and fame in the market.

Hence, the potential and possibility of this danger, combined with the aspect relating to email deliverability, helps us realize the importance and essentiality of having an established SPF record.

Conclusion

As a conclusion, let’s do a quick recap of the stuff we looked at in the above article.

SPF records are used for certifying and verifying whether a certain IP address is eligible and authorized to send emails on behalf of the domain name or not. SPF was designed to supplement the SMTP protocol. The SPF record is written as a DNS TXT record.

If the receiving server, after checking the SPF record, finds that the IP address is not listed or registered, then it flags the email as spam or stops it from proceeding. There are different ways in which the receiving end can deal with a bogus email. We discussed this in the part about the ‘all’ function.

Having an established SPF record can help improve your mail deliverability since it can lend credibility to the emails being sent from your domain. Since you can restrict the number of authorized IP addresses, the receiving server will treat the incoming mail as secure and legitimate.
