SPF Record Installation


SPF stands for Sender Policy Framework. In effect, it is the list of authorized senders for email delivered on behalf of your domain. Many customers will already have an SPF record created for their private domain. Domains hosted under GSuite or Outlook365, for example, should already have an SPF record in accordance with the requirements of those networks.

Setting up SPF will require that your domain's DNS be edited. If you're not comfortable doing this, please consult with an IT specialist before making any changes.

The edit itself is simple; add the reachmail SPF record to your own existing SPF: 


SPF is added as a TXT record to your top-level domain. For the Host/Name you may need to leave this blank, use an @ symbol. See your DNS provider's documentation for additional information.

A complete SPF entry might look like this:

   "v=spf1 include:spf.reachmail.net include:aspmx.googlemail.com -all"

Your DNS provider likely has additional documentation on how to set up records of this kind using their user interface.

In this example the -all is what is called as the enforcement rule. There are a couple of options for this enforcement rule. They are as follows:

  • -all

    Indicates hard fail. If you know all of the authorized IP addresses for your domain, list them in the SPF TXT record and use the -all (hard fail) qualifier. Also, if you are only using SPF, that is, you are not using DMARC or DKIM, you should use the -all qualifier. We recommend that you use always this qualifier.

  • ~all

    Indicates soft fail. If you're not sure that you have the complete list of IP addresses, then you should use the ~all (soft fail) qualifier. Also, if you are using DMARC with p=quarantine or p=reject, then you can use ~all. Otherwise, use -all.

  • ?all

    Indicates neutral. This is used when testing SPF. We do not recommend that you use this qualifier in your live deployment.

CAUTION: do not remove your existing SPF record. You should only add to your existing SPF record if one is already present. Removing an existing SPF record may negatively impact the delivery of mail sent from the previously authorized locations used for personal mail or other mail streams. 

Using our Domain Authentication tool you are now able to see what your SPF record looks like and if you need a new one or to include reachmail. To use this tool check out your Account Tab > Campaign Settings > Domain Authentication

Have more questions? Submit a request


Powered by Zendesk