The Sender Policy Framework (SPF) is as system designed to identify and prevent emails masking their sender address. The domain administrator will create a TXT Resource Record in their DNS Zone, either containing their valid sending server IP address or hostname. The recipient will then compare the information from the Resource Record against the information stored in the email header. If the information does not match, the recipient can reject the email.

We generally recommend to use the SPF filter. Should you want to enable it for your domain, then please get in touch with our customer support. Before contacting our customer support you will need to decide:

1. Type

You can enable two different types of SPF filter:

  • Type 1: SPF check only gets triggered if an email is received from an internal domain. Then the system will check its own Resource Record.
  • Type 2: SPF check will be triggered on any incoming email and will compare the header against any Resource Record if available.

Which type you want to use is up to you. With type 2 the chances of False Positives (emails are being unrightfully filtered) are increased in case the Resource Record contains mistakes or is out-of-date.  We recommend starting with type 1 and switch to type 2 if necessary. 

2. Hard- or Softfail

The Resource Record will distinguish between a hard- or a softfail, which explains how the system will handle an email which Resource Record does not fit. The TXT record will need to add:

  • Hardfail –all: Emails not matching the Resource Record will be rejected
  • Softfail ~all: Emails not matching the Recource Record will be moved into quarantine

We recommend starting using a softfail. This will allow you to react appropriately in case of False Positives.

Creating the Resource Record

You can find the necessary information to set the Resource Record from our Onboarding Website.

After you have set the TXT record, please contact our customer support along with the following information:

  • Which type of SPF you want to use
  • For which domain you want to enable SPF
  • Conformation that the Resource Record was set