SPF Configuration
SPF (Sender Policy Framework) prevents email spoofing by specifying which mail servers can send email on behalf of your domain.
🛡️ What is SPF?
SPF is like a whitelist of approved senders for your domain. When someone receives an email from your domain, their email server checks the SPF record to verify the email came from an authorized server.
Without SPF: Spammers can easily forge emails from your domain.
With SPF: Only authorized servers can send emails, protecting your reputation.
Required SPF Record for MoovMail
SPF TXT Record
| Type: | TXT |
| Name/Host: | @ (root domain) |
| Value: | v=spf1 include:_spf.moovmail.com ~all |
| TTL: | 3600 (1 hour) |
Understanding the SPF Record
Let's break down what each part means:
v=spf1Declares this is an SPF version 1 record
include:_spf.moovmail.comAuthorizes MoovMail servers to send email on your behalf. This includes all IP addresses listed in MoovMail' SPF record.
~allSoft fail: Emails from unauthorized servers should be marked as suspicious but not rejected. This is recommended during initial setup.
SPF Policy Mechanisms
The ending mechanism determines what happens to emails from unauthorized servers:
| Mechanism | Meaning | Recommendation |
|---|---|---|
~all | Soft fail - Mark as suspicious | ✅ Recommended for initial setup |
-all | Hard fail - Reject the email | ⚠️ Use after testing (stricter) |
?all | Neutral - No policy | ❌ Not recommended |
+all | Pass - Allow all | ❌ Never use (defeats purpose) |
Step-by-Step Setup
Step 1: Check for Existing SPF Record
Before adding an SPF record, check if you already have one:
- Go to your DNS management panel
- Look for existing TXT records on your root domain (
@) - Search for records starting with
v=spf1
⚠️ Important: You can only have ONE SPF record per domain. If you already have an SPF record (e.g., for another email service), you need to merge them, not create a second one.
Step 2: Add or Merge SPF Record
If you have NO existing SPF record:
- Click "Add Record" in your DNS panel
- Select type: TXT
- Name/Host:
@(or leave blank) - Value:
v=spf1 include:_spf.moovmail.com ~all - TTL:
3600 - Save the record
If you HAVE an existing SPF record:
You need to add MoovMail to your existing SPF record. For example:
Before (existing SPF):
v=spf1 include:_spf.google.com ~allAfter (merged SPF):
v=spf1 include:_spf.google.com include:_spf.moovmail.com ~allSimply insert include:_spf.moovmail.com before the ~all part.
Common SPF Scenarios
Migrating from Gmail
If currently using Gmail:
v=spf1 include:_spf.google.com include:_spf.moovmail.com ~allMigrating from Outlook/Office 365
If currently using Microsoft:
v=spf1 include:spf.protection.outlook.com include:_spf.moovmail.com ~allUsing Multiple Services
If you have multiple email services:
v=spf1 include:_spf.google.com include:_spf.moovmail.com include:servers.mcsv.net ~all⚠️ SPF Lookup Limit: SPF has a limit of 10 DNS lookups. If you include too many services, SPF may fail. Keep it under 10 include: statements.
Verification
Using MoovMail Dashboard
- Go to your MoovMail dashboard
- Navigate to DNS Setup
- Click "Check DNS Records"
- Wait for SPF verification (may take a few minutes)
Using Online Tools
- Visit MXToolbox SPF Check
- Enter your domain name
- Verify the SPF record is found
- Check that it includes
_spf.moovmail.com
Using Command Line
Windows (Command Prompt):
nslookup -type=txt yourcompany.comMac/Linux (Terminal):
dig yourcompany.com TXT | grep spfTroubleshooting
SPF Record Not Found
- Wait 1-2 hours for DNS propagation
- Check you added it as a TXT record (not SPF type)
- Verify the Name/Host is
@(root domain) - Ensure no typos in the value
Multiple SPF Records Error
If you see an error about multiple SPF records:
- Find all TXT records starting with
v=spf1 - Merge them into ONE record
- Delete the extra SPF records
SPF Too Long Error
SPF records have a 255-character limit for a single string:
- Remove unnecessary
include:statements - Use IP addresses instead of includes where possible
- Contact support for help optimizing your SPF record
Best Practices
- ✅ Start with
~all(soft fail) during testing - ✅ Switch to
-all(hard fail) after confirming everything works - ✅ Keep your SPF record under 10 DNS lookups
- ✅ Regularly review and clean up unused services
- ✅ Test email delivery after making changes
- ❌ Never use
+allor?all - ❌ Don't create multiple SPF records
Next Steps
After configuring SPF:
- Setup DKIM for email authentication
- Configure DMARC for policy enforcement
- Verify all DNS records
Need Help?
SPF configuration can be tricky, especially when merging with existing records. Our support team can help you get it right.
