OVH Guide

Web hosting: the SPF record

The SPF record

  • SPF
  • DNS
  • DNS Zone
  • MX
  • Mail
  • SPAM

Definition

SPF record or Sender Policy Framework record tells the receiving mail server which outgoing server(s) are valid sources of email. The aim is to limit spam but it only works if the receiving mail server is configured to interpret SPF records. SPF is set up by adding a TXT DNS record. This record then lists which servers are authorised to send emails for the domain in question.

Prerequisites

  • You must use OVH DNS servers (in order to manage SPF records on your DNS zone). There is a guide available here:

SPF and OVH

By default, OVH offers an SPF record on web hosting packages, which looks like the following:

domain.com IN TXT "v=spf1 include:mx.ovh.com ~all"

Log on to your control panel

Selecting a domain

  • In the left-hand menu, select "Domains", then click on the appropriate domain.

Modifying SPF

Then click on "DNS Zone"

  • Sort by "SPF"
  • Click on the pencil to modify the record.

  • If you use expert mode:

Modify the SPF entry then click confirm:

  • If you use simple mode:

Modify the SPF record from the wizard then confirm

Create SPF

To create an SPF record, click on "Add an entry", then select "SPF".

  • Please note: Modifications to your DNS zone will be effective in 24 hours, the DNS propagation time.

The different options

-A: This record indicates which domain names are authorised to send emails for this domain. These two lines yield the same results:

my_domain.uk IN TXT "v=spf1 a ~all"
my_domain.uk IN TXT "v=spf1 to:my_domain.uk ~all"
  • MX: This record indicates which MX servers are authorised to send emails for this domain.

These two lines yield the same results, the MX servers for my_domain.uk are authorised to send:

my_domain.fr IN TXT "v=spf1 mx ~all"
my_domain.uk IN TXT "v=spf1 mx:my_domain.uk ~all"
  • PTR: This record shows the reverse DNS of the servers that are authorised to send emails for this domain. It can be the exact reverse or a reverse with the same extenstion.

These two lines yield the same results if myreverse.my_domain.uk is the reverse for my mail server:

my_domain.uk IN TXT "v=spf1 ptr ~all"
my_domain.uk IN TXT "v=spf1 ptr:myreverse.my_domain.uk ~all"

This indicates that all the servers with a "reverse" ending in ovh.net can send emails for this domain:

my_domain.uk IN TXT "v=spf1 ptr:ovh.net ~all"
  • IP4: This record shows IPs of IP v4 classes authorised to send email belonging to this domain.

It indicates that only the 213.186.33.20 server can send emails for this domain:

my_domain.uk IN TXT "v=spf1 ip4:213.186.33.20 ~all"
  • Include: This record indicates that the domain uses the same SPF record as the domain specified in the "include":
my_domain.uk IN TXT "v=spf1 include:mon2e_domain.fr ~all"

All of these options can be combined, for example:

my_domain.fr IN TXT "v=spf1 a:toto.com mx ptr:ovh.net ~all"

In the example above, what can send emails to domain.uk?

  • The IP for the toto.com domain
  • The MX servers of domain.uk
  • All the machines with a reverse DNS ending in "ovh.net"