This is all good stuff - thanks for contributing, guys. Here is an excerpt from our developing procedures manual - using an upcoming Accrisoft platform-based domain - regarding how to set up SPF. Does anyone else set this stuff up?
Setup DNS SPF - Part 1
Sender ID Framework Overview
An excerpt from the Overview follows:
"SIDF has been approved by the Internet Engineering Task Force to help
increase the detection of deceptive e-mail and to improve the deliverability of
legitimate e-mail. SIDF is an e-mail authentication protocol designed to be
implemented at no cost for all senders, independent of their e-mail
architecture. Today, SIDF is the leading solution embraced by more than 12
million domain holders, sending nearly 50 percent of all legitimate e-mail
When receiving networks include the SIDF results with their existing antispam
solutions, SIDF can improve e-mail deliverability while also reducing false
positives. Although it will not stop spam completely, SIDF can help improve
online trust and confidence when it is used with reputation data and antispam
and phishing heuristics.
How Sender ID Works
Sender ID seeks to verify that every e-mail message originates from the
Internet domain from which it claims to have been sent. This is accomplished by
checking the address of the server that sent the mail against a registered list
of servers that the domain owner has authorized to send e-mail. This
verification is automatically performed by the Internet service provider (ISP)
or the recipient's mail server before the e-mail message is delivered. The
result of the Sender ID check can be incorporated into the filtering tasks that
are already performed by the mail server. After the sender has been
authenticated, the mail server may apply conventional content filters and
consider past behaviors, traffic patterns, and sender reputation when
determining whether to deliver mail to the recipient."
Use the Sender ID Framework SPF Record Wizard
Goto the Sender ID Framework SPF Record Wizard at
and work through the following (with brightearthfoods.com as an example).
Step 1 of 4: Identify Your Domain
Please enter the domain name for which you want to create a new SPF record:
Step 2 of 4: Display Published DNS Records
The wizard has checked DNS for information about brightearthfoods.com
including: SPF, MX and A records. This information is displayed below.
If an SPF record was found, you can verify its contents here and use the
remaining steps of this wizard to modify the record if necessary. If no SPF
record was found, you can use information from the domain's MX and A records to
create a new SPF record.
Click Next to continue. No SPF Record Found. A and MX Records Available
No SPF record has been found for the domain brightearthfoods.com. However, MX
and/or A records currently exist for this domain.
Addresses Listed in A records
Mail Servers Listed in MX Records
This information may be of assistance in creating your new SPF record.
Step 3 of 4: Create SPF Record
Use the form below to create or modify your SPF record. Some parts of the
form have already been filled in with information the wizard found in DNS for
Domain Not Used for Sending E-Mail
Please check this option if this domain is not used for sending outbound
e-mail. Domains which do not send out e-mail will have no outbound mail servers
(What's this? The outbound mail servers of a domain are the computers under the
domain's control that connect with the inbound mail servers of other domains and
hand off E-Mail messages to them for delivery.):
No mail is sent from domain: [Unchecked]
Inbound Mail Servers Send Outbound Mail
If your inbound mail servers are also used to send outbound mail, you should
add this option to your new SPF record. If you are not sure, we recommend you
add this option, since most inbound mail servers can at least send outbound
non-delivery reports (NDRs). (What's this? This policy indicates whether a
domain's inbound mail servers (usually listed in the domain's DNS MX records)
are also allowed to send mail outbound. Since most inbound mail servers can at
times generate non-delivery reports (NDRs) or delivery status notifications
(DSNs), most domains include this policy.)
Domain's inbound servers may send mail: [Check]
These addresses are currently listed in MX records for brightearthfoods.com.
Check each MX address that is a valid outbound e-mail server for this domain.:
Enter any additional domain names whose MX records refer to valid outbound
e-mail servers for brightearthfoods.com (one domain name per line).:
Outbound Mail Server Addresses
If all the IP addresses listed in A records for brightearthfoods.com in DNS
are outbound mail servers, you should include this option in your new SPF
All addresses listed in A records may send mail: [Unchecked]
These IP addresses or domains are currently listed in A records for the
specified domain. Select each IP address that should always be indicated as an
outbound mail server.:
Enter any additional IP addresses (or ranges of addresses) you wish to add to
your SPF record (one address or address range per line). Examples: 220.127.116.11
Enter any additional domain names whose A records refer to valid outbound
e-mail servers for brightearthfoods.com (one domain name per line).
Reverse DNS Lookup
Check this box if all the reverse DNS records (PTR records) for
brightearthfoods.com resolve to outbound e-mail servers for the domain.
All PTR records resolve to outbound email servers [Unchecked]
Enter any additional domain names whose PTR records resolve to valid outbound
e-mail servers for brightearthfoods.com (one domain name per line)
(What's this? If mail sent on behalf of a domain is at times actually
delivered to its recipients by the computers of another domain, such domains are
considered "outsourced" domains. This situation often arises when a domain has
outsourced the running of some of its online applications to a third-party. A
second common situation occurs when mail from a domain originates within the
domain's computers but is relayed to the outside world through those of
Enter any additional domain names whose SPF records refer to valid outbound
e-mail servers for brightearthfoods.com (one domain name per line).
Does brightearthfoods.com send e-mail from any IP addresses that are not
identified in the above sections?
[Unchecked] Yes; mail may legitimately originate from IP addresses not
[Unchecked] No; this domain sends mail only from the IP addresses identified
[Unchecked] Neutral; this domain makes no statement about whether mail may
legitimately originate from IP addresses not identified above.
[Checked] Discouraged; mail may legitimately originate from IP addresses not
identified above, however, use of such IP addresses is discouraged and may not
be permitted in the future.
What e-mail identities can this SPF record be used to validate?
[Unchecked] The Purported Responsible Address (PRA) derived from RFC 2822
[Unchecked] The MAIL FROM (or reverse-path) address derived from the RFC 2821
protocol's MAIL command.
Step 4 of 4: Generate SPF Record
A new SPF record has been generated based on the information provided by you.
This document has not been published to the DNS. Click "Select All" to select
and copy the SPF text record. Paste your SPF text record in a notepad or word
document and provide it to your network administrator to insert into your DNS
Instructions: Your SPF record must be published in DNS records of type TXT
under brightearthfoods.com Consult the documentation of your DNS administration
tools for further details on publishing this.
v=spf1 mx ip4:18.104.22.168 mx:mx1.emailsrvr.com mx:mx2.emailsrvr.com
a:onemosssphere.com include:onemosssphere.com ~all
Copy the generated SPF record and goto the next section entitled "Setup DNS
SPF - Part 2"
Setup DNS SPF - Part 2
Goto 'Administrative Interface' from http://vps.securesites.com, and login
In Domain Name and Domain Registration Summary [on the left hand side],
select the 'brightearthfoods.com' Domain Name
'Add Resource Record'
Add one TXT Records similar to following:
[@] IN [TXT] v=spf1 mx ip4:22.214.171.124 mx:mx1.emailsrvr.com
mx:mx2.emailsrvr.com a:onemosssphere.com include:onemosssphere.com ~all [1 day]
'Add Resource Record(s)'
which yields the following new Records:
Resource Record Add Submission Results
The following resource record(s) have been added:
brightearthfoods.com. 86400 IN TXT "v=spf1 mx ip4:126.96.36.199
mx:mx1.emailsrvr.com mx:mx2.emailsrvr.com a:onemosssphere.com
Setup DNS SPF - Part 3
Verify that there are no other records to add after completing all
"Support for Sender Policy Framework protocol for outbound email messages –
In order to prevent email notifications generated by [SAAS] applications from
being blocked as SPAM, [SAAS] will support the SPF protocol allowing your DNS to
make [SAAS] an authorized sender of email from your domain. This will support
the case where you have entered a custom sender email address as the default
FROM value for notifications originating from your [SAAS] account and ensure
that the messages are not detected as Spam by the receiver's email system."