In order for the IRP to effectively send mail to your customers, you need to make sure that for the domain your email comes from, an SPF (‘Sender Policy Framework’) record is set up correctly in order to let receiving mail servers know that the mail you’re sending is authorised.
An SPF is a TXT DNS record that is added in your domain control panel to indicate who is authorised to send email for your domain.
If your website sends emails from, say, sales@domainname.com , where www.domainname.com is your website, then you will add the TXT record to the root of your domain. This is generally the standard situation. If, for some reason, your email will come from sales@mail.domainname.com , where www.domainname.com is your website, then you have to add the SPF for the subdomain ‘mail ’. You will need to examine your domain’s control panel documentation for instructions on how to do this.
Basic SPF Record Format
The basic SPF record to start from is as follows:
v=spf1 mx ip4:212.78.239.121 -all
v=spf1 |
This is the start of the record to indicate its contents are that of an SPF record. |
mx |
This states that any computer listed as being a Mail Exchanger, i.e. handling inbound and outbound mail, is allowed to send email on your domain’s behalf. |
ip4:212.78.239.121 |
This states that the computer at this IP address can send mail for your domain. In this case, this is the outbound IP address of the IRP’s mail server. |
-all |
This means that mail servers receiving mail from your domain only accept email from the sources listed in this record — it is instructed to reject anything else. |
Specifying Email Origin Locations
The ‘-all ’ at the end gives extra credence to your SPF entry, as no other computer is allowed to send email for you, therefore you have to be absolutely certain that all locations from which your email can come from are listed in this record.
For example, if you use Trustpilot you will need to add this to your record:
include:trustpilotservice.com
In this case, the full record will be:
v=spf1 mx ip4:212.78.239.121 include:trustpilotservice.com -all
As another example, if you use Google Apps to handle your domain email, you will need to add this to your record:
include:_spf.google.com
In this case, the full record will be:
v=spf1 mx ip4:212.78.239.121 include:_spf.google.com -all
If you use any other third party which sends mail on your behalf, e.g. Basket Abandonment solutions, Bulk Marketing Mailshot services, these will probably need to be taken account of here. You will have to contact these third parties for what, if anything, is required for your SPF record.
Setting Up Your SPF Record
In order to set up your SPF record, you will have to use your domain name’s control panel. Given how many there are out there, you will have to review their documentation as to how to do this. However, once you think you have completed your setup, you can test your setup at:
http://mxtoolbox.com/spf.aspx
Just enter the domain name that your mail comes from and click SPF Record Lookup. The resulting summary will examine your SPF and tell you what it has found.
Other Standard Sources – ‘a’ and ‘ptr’
There two other standard records for the SPF Record that you will see; these are ‘a’ and ‘ptr’. In the standard SPF record mentioned above, they would look like this:
v=spf1 a ptr mx ip4:212.78.239.121 -all
‘a ’ means that any computer that is listed as an A record – a record which points to a physical IP address – is authorised to send mail. For IRP, this is not necessary, as the IP address of your website will never be the same as the outbound IP address of any email it sends.
‘ptr ’ means that any reverse mapping of an IP address to a DNS entry should be allowed. Again, this entry should NOT be included, for two reasons:
- These are slow to check, and can hinder your domain’s deliverability, even if you have no PTR records set up for your domain.
- These records can potentially be spoofed, and therefore weaken your SPF, rather than strengthen it.
Other Potential Sources
If at some point you wish to use a third-party mail service, such as Amazon SES, instead of the IRP internal mail array, you will need to replace the IP address of the IRP mail array, 212.78.239.121 , with the outbound IP address of your website. This will not be your website IP address, so you will need to contact your Systems Integrator for this. You will also have to add any additional entries to the SPF to authorise your third-party service. |