1. Home
  2. Email
  3. Email management
  4. Domain authentication – SPF records

Domain authentication – SPF records

SPF is one way to have your domains properly authenticated. For an overview of them all, click here.

When you create pages or email campaigns, it’s likely that you will send out email messages that are sent on behalf of your organization or on behalf of your supporter taking action. Here are the main examples:

  1. Your supporter writes a message to a local politician in an email-to-target: we send an email from your supporter to the local politician.

  2. Your supporter adds their name to an online petition or writes a message to a local politician: we send a ‘thank you’ email from your organization to your supporter.

  3. You send out a broadcast to your supporters: we send an email to each recipient from your organization to your supporters.

Technically what we are doing is called ‘spoofing’. This essentially means that we are pretending to send emails from an email domain that is not within our control.

SPF records

For example, let’s say a supporter ([email protected] say) takes action on your petition page and you have a thank you email set up to come from [email protected] Engaging Networks is sending the email, but clearly Engaging Networks is not actually your charity. We are pretending to send this email from your organization to your supporter. We are ‘spoofing’ this email.

What then happens is that the receiving domain (hotmail.com) checks whether yourcharity.org.uk has a ‘sender policy framework’, or SPF record, on the domain. The SPF record would tell the server if the IP address for the server that sent the email is authorized by the domain administrators to do so. If the SPF record did not list the IP address for our email server, it could decide to reject the email or put it in the spam folder. 

To improve deliverability therefore, it is recommend that you add an SPF record to your sending domain you use for broadcasts and thank you emails in Engaging Networks. 

Note: In the context of example (1) above, where we send an email to a politician on behalf of a supporter, Hotmail would not authorize our servers to send mail from their domain (and your supporters will be using hundreds of different email domains in their email address). Instead we use other mechanisms to improve the deliverability of these kinds of email sends. 

Implementation

Creating an SPF record and adding an SPF record to your DNS entries should only be done by someone who is familiar with the process. SPF records are in fact text entries and each ISP that hosts DNS records will provide different facilities to create and add SPF records.

The first step is to create the SPF record itself, which should be done by your IT department or ISP. If you are updating an existing SPF record please speak with your ISP about amending this record and using the appropriate syntax. Once your SPF record (text file) is created using the steps below, you will then need to add this text file to your DNS record. Again, this is something your IT department or ISP should implement since it involves your DNS record.

Creating a new SPF record

The following rule should be added to your SPF record by your IT department or ISP:

include:_spf.e-activist.com

You should avoid creating more than one rule (i.e. more than one line that begins v=spf1). See below for examples of merging rules into one line.

Example rules

For example: if you are only using Engaging Networks to send emails ‘from’ the given email address (so there are no additional IP addresses required for other mail servers), the full rule would just be:

v=spf1 include:_spf.e-activist.com ~all

However, if you need to include additional IP addresses because you send emails from other mail servers as well, the rule will have the following form (these are example IPs, you will need to drop the real ones into place):

v=spf1 mx ip4:66.11.156.248/29 ip4:66.11.152.144/29 include:_spf.e-activist.com ~all

Testing your SPF records

You can use our domain authentication tools (go to Emails > Settings > Domain authentication) to validate whether each sending domain in your account has got our SPF rule on it. Note that if there are other issues, such as too many rules, we do not report this here. We would recommend using third-party tools such as https://cable.ayra.ch/spf/ or https://www.kitterman.com/spf/validate.html to fully validate your domain.

Updated on October 9, 2019

Was this article helpful?

Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Contact Support