Page tree
Skip to end of metadata
Go to start of metadata

The SPF record is missing. This is easy to fix. Here is a bit of background information and what to do next.

What is SPF and why it matters

SPF (Sender Policy Framework) is one of the ways to authenticate email communication. Some information is added to your Web domain settings indicating that certain systems are authorized to send email on your behalf. Adding SPF authentication can increase your deliverability. That is: the percentage of your messages that are delivered to in the Inbox instead of the Spam folder.

What happens if it's missing

If your emails are not authenticated by you, we will authenticate them for you. This will help with deliverability, but will result in some email clients showing "On behalf of..." or "Via..." next to your sender information. That's because email programs want to let the recipient know that another system ("us") was involved in the mailing.

Here is an example of Gmail showing an email where "via..." is added next to the From email.

If you don't want these messages to appear, authenticate using your own domain or disable automatic authentication for domains missing SPF and/or DKIM authentication in Settings > Account settings > Deliverability Checkup > Authentication. However, we strongly recommend keeping it on for better deliverability.

Adding SPF authentication

Adding SPF authentication is easy. Here is what you need to do:

  • Contact your Web hosting company, domain registrar, or network administrator that manages this domain
  • Tell them that you need to make a change to the DNS (Domain Name System) records
  • If you are not already publishing a SPF record, ask them to add the following TXT record:  

v=spf1 ~all 

  • If you already have a SPF record in place (e.g.: you have a TXT record starting with v=spf1) then you should only add the "" before the final "all" keyword

Example: v=spf1 ~all 

  • Wait 24-48 hours: it takes a bit of time to changes to the DNS to propagate around the Internet
  • Run this test again to confirm that the SPF record has been successfully updated.

More information: why the From domain and how it all works

Think of email as a piece of regular mail. The person that actually wrote and signed the letter (in the email world, the From Email and From Name shown in the inbox), could be different from the return address on the back of the envelope (in the email world: the "Envelope Sender", also called "Return Path" or "MAIL-FROM").

Since the MAIL-FROM is where undelivered emails are returned to, you want your Email Service Provider to take care of it and manage all of those returned messages, called bounces.

Since the ESP manages that email address, it is also the ESP that takes care of authenticating it with an SPF record. You don't have to worry about that.

That said, many "receivers" (e.g. Gmail, Yahoo!, etc.) look not only at the address on the envelope (MAIL-FROM), but also at the one on the letter inside the envelope (the From email and name that are shown in the inbox).

They want to make sure that what is displayed in the inbox has not been spoofed. One way to do so is to check the SPF record of the domain associated with the From email.

Now... the ESP that is sending the email on your behalf does not have control on the domain name associated with the From email. You do. It's typically the domain name used by your company for your Web site and more. The ESP, therefore, cannot help you with SPF authentication for that domain. You will need to add the SPF record to it, as indicated elsewhere on this page.

In addition, consider that adding the SPF record to your From domain helps with implementing DMARC, which is a way to further protect your company from spoofing and phishing attacks. Click here for more on DMARC.

  • No labels