How to protect your email domain (full SPF setup tutorial)

July 19, 2023
X
min.

SPF records are a simple yet powerful tool to safeguard your email domain from the spam folder and to combat spammers.

But it can be confusing to learn how to set them up and make sure your domain is configured correctly.

In this article, we'll explain what SPF records are and how to add them step by step for Google and Office 356 accounts.

What is an SPF record?

An SPF record (Sender Policy Framework) is an email authentication system that mail servers use to make sure that emails that appear to come from your domain actually do come from you.

Basically, it’s designed to stop phishing attempts and scammers from sending fake messages that claim to be from legit domains.

Technically, you don’t have to set up an SPF record in order to send emails. But it adds a layer of security to your campaigns, which makes your domain more trustworthy to ISPs (internet service providers).

This makes it more likely that your emails stay out of spam.

That’s why it’s so important to set up an SPF record: to protect your domain from spoofing, and to keep your cold emails out of spam.

What does an SPF record do?

An SPF record simply identifies the mail servers that are allowed to send messages from your domain. It’s a type of DNS TXT (Domain Name System ”text”) with a list of APIs, software, etc., that you’ve approved to send messages on your behalf.

It looks like this: v=spf1 include:_spf.google.com ~all

The syntax is divided into a version prefix and one or several mechanisms 👇

A graphic of an SPF record showing "v=spf1" as the 'version prefix' and "include:_spf.google.com ~all" as the mechanism

The version prefix simply explains that this TXT record is to be used for SPF checking, and the mechanism specifies what the SPF is checking for.

Here are the possible qualifiers that could exist in an SPF record:

  • + Pass, an IP address that matches what’s in this mechanism will pass SPF (e.g. “google” in the example above.)
  • - Hard Fail, an IP address that matches what’s in this mechanism will not pass SPF
  • ~ Soft Fail, an IP address that matches what’s in this mechanism will soft fail SPF, which means that the host should accept the mail, but mark it as an SPF failure (e.g. “all” in the example above.)

Can you create multiple SPF records?

Technically, you can create multiple SPF records, but it can generate an “SPF PermError,” which will harm your email deliverability.

So, before doing anything, always check if the SPF record has already been set up. If the answer is yes and you still want to add your primary domain, there's a way to merge the original record with the new one.

All you have to do is copy/paste your new SPF record in front of the old one and separate them with a single space.

For example, to add Outlook to the SPF example we included in the previous section, it would look like this: v=spf1 include:_spf.google.com include:spf.protection.outlook.com ~all

How do I check my SPF record?

If you’re using lemlist, it takes less than a minute to check if your SPF record is good to go.

(If you don’t have an account yet, you can sign up here, for free.)

First, go to your dashboard and find the Health tab, under Reports 👇

A screenshot of the lemlist reports tab with "health" highlighted

Next, open the DNS Checks tab and click on “Refresh checks.”

A screenshot of the lemlist DNS checks page, with the button "refresh checks" displayed with a red arrow

In a couple seconds, you’ll get a full overview of not only your SPF record, but also your MX exchanges, DMARC record, Email tests, and your Spamassassin score.

A screenshot of the lemlist DNS check page, displaying MX echanges, SPF record syntax, DMARC record, Email test, and Spamassassin score. All are marked "good" with green buttons

Of course, if you see the green “All good” sign, then your SPF formatting is already set up and protecting you from scammers and the spam folder.

If it needs configuring, all you have to do is follow the steps below.

Microsoft Office 365 SPF setup example

If Microsoft Office 365 is your email provider, here’s how to set up your SPF record for the relevant server.

We’ll start with a simple process you can follow for any domain provider, then add more specific details for popular domain providers like Namecheap, Cloudflare, and Bluehost.

How to set up Office 365 SPF record - for all domain providers

No matter what domain hosting you use right now, there are only a few steps to follow to validate your Microsoft Office 365 SPF:

  1. Go to the settings for your DNS provider
  2. Create a new record
  3. Choose "TXT"
  4. Put "@" in the name
  5. Put v=spf1 include:spf.protection.outlook.com -all in value

And save it!

A screenshot of a domain provider with an SPF record for outlook 365

SPF record setup for Microsoft Office 365 and Namecheap

If you're using Namecheap, here are more specific steps:

  1. Log in to Namecheap
  2. Go to Domain list and choose your domain
  3. Go to Advanced DNS
  4. Click on "Add new record"
  5. Choose TXT record
  6. Put @ in "Host" or "Name"
  7. Put v=spf1 include:spf.protection.outlook.com -all in value
a screenshot of the namecheap domain provider with an outlook 365 spf record

SPF configuration for Microsoft Office 365 and Cloudflare

To configure your SPF record for Microsoft Office in Cloudflare, here's what to do:

  1. Log in to Cloudflare
  2. Go to Domain list and choose your domain
  3. Go to DNS
  4. Click on "Add new record"
  5. Choose TXT record
  6. Put @ in "Host" or "Name"
  7. Put v=spf1 include:spf.protection.outlook.com -all in value
  8. Save it!
a screenshot of the cloudflare domain provider with an outlook 365 spf record

Enable SPF record for Microsoft Office 365 and Bluehost

Finally, here are the steps to input your Office 365 SPF record in Bluehost:

  1. Log in to Bluehost
  2. Go to Domain list and choose your domain
  3. Go to DNS
  4. Click on "Add new record"
  5. Choose TXT record
  6. Put @ in "Host" or "Name"
  7. Put v=spf1 include:spf.protection.outlook.com -all in ****value
  8. Save it!
a screenshot of the bluehost domain provider with an outlook 365 spf record

How to add SPF records for a Google sending domain

Now, here’s how you can add your Google domain to the SPF record mechanism for your domain provider.

How to set up your Google SPF record - for all domain providers

No matter what domain provider you use right now, follow the steps below to validate your SPF.

You can also check in the documents and tutorials of your domain provider itself to see if they already give instructions on how to configure your SPF.

  1. Go to your DNS settings
  2. Create a new record
  3. Configure and choose "TXT"
  4. Add "@" in name
  5. Add v=spf1 include:_spf.google.com ~all in value

Save it to publish it!

A screenshot of the google spf record in the dns settings of a domain provider

How to create a Google SPF record for Namecheap

If you’re using Namecheap, here are the steps to add Google to your SPF record:

  1. Log in to Namecheap
  2. Go to Domain list and choose your domain
  3. Go to Advanced DNS
  4. Click on "Add new record"
  5. Choose TXT record
  6. Put @ in "Host" or "Name"
  7. Add the tag v=spf1 include:_spf.google.com ~all in value
  8. Save it!
A screenshot of the namecheap domain provider with a Google spf record

Adding a Google SPF record to Cloudflare

For Cloudflare users, here’s how to add Google to the SPF TXT record.

  1. Log in to Cloudflare
  2. Go to Domain list and choose your domain
  3. Go to DNS provider
  4. Click on "Add new record"
  5. Choose TXT record
  6. Put @ in "Name"
  7. Put v=spf1 include:_spf.google.com ~all in value
  8. Save it!
A screenshot of a Google SPF record added to the cloudflare DNS settings

How to set up Google SPF records for Bluehost

Finally, for Bluehost users, here’s how to add your Google domain:

  1. Log in to Bluehost
  2. Go to Domain list and choose your domain
  3. Go to Advanced DNS
  4. Click on "Add new record"
  5. Choose TXT record
  6. Put @ in "Host" or "Name"
  7. Put v=spf1 include:_spf.google.com ~all in value
  8. Save it
A screenshot of a Google SPF record added to the bluehost DNS settings

Key takeaways

  • Configuring your SPF record helps fight email spoofing and misuse
  • If you want to have high email deliverability, you must set up SPF records for your sending domain

Need more technical resources to help you get your technical setup in tip-top shape? Follow the guides below:

How-to: DKIM setup tutorials

How-to: How to set up your custom tracking domain

How-to: Set up your DMARC

How-to: Set up your MX records

Complete guide: Audit of your email sending reputation and deliverability

Video tutorial: DKIM mechanism setup video tutorial

And if you're looking for an all-in one tool to manage and send multichannel cold outreach campaigns, with a deliverability booster and a DNS dashboard, give lemlist a try for free.

What you should look at next
deliverability
How to check if an email is valid (5 methods without sending emails)
If you send emails to invalid addresses, you can’t get replies and grow your business. In this article, get 5 proven methods to validate an email without reaching out first.
Mihaela Cicvaric
May 3, 2023
deliverability
Email warm up: 2 types of IP warming strategy
Email warm up is an essential component because it influences your sending reputation and email deliverability big time
Guillaume Moubeche
August 22, 2022
deliverability
Cold email open rates are misleading you. Here’s what you should track instead.
After analyzing 10M+ cold emails sent by 65,000+ people worldwide - here are our learnings when it comes to open rates.
Mihaela Cicvaric
June 9, 2022
deliverability
9 best email verification tools (email validation software & services)
We reviewed the best email verification tools and software to provide you with the most reliable validation services.
Mihaela Cicvaric
January 21, 2022
deliverability
How to audit your sending reputation & boost email deliverability
There's no point in sending your top cold email templates before you make sure they are landing in prospects' inboxes.
Mihaela Cicvaric
August 23, 2021
deliverability
Bouncer email verification review: is Bouncer mail validation worth it?
Today I'll show you how to verify email addresses before sending cold emails. It's quite important to check if email is valid so your email reputation will be ok.
Mihaela Cicvaric
May 26, 2021

Book your
first meetings
this week!

Accelerate your business growth and start generating revenue with lemlist
Try for free
No card required.
Try for free
No card required.
YES