Authorize senders with SPF

Identify spam messages with SPF records

You can easily identify spam messages with Sender Policy Framework (SPF) records for your domain. An SPF record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain.

Why use SPF records?
You use SPF records to help identify spammers sending messages with forged envelope senders (the address used during the SMTP MAIL FROM command) on behalf of your domain. Recipients can refer to the SPF record to determine whether a message claiming to be from your domain is from an authorized mail server. Additionally, to protect your domain from being used by spammers in the From: header, you would need to deploy DMARC along with SPF. 
How do I use an SPF record?
Suppose that your yourdomain.com domain uses Gmail. You create an SPF record that identifies the Google Apps mail servers as the authorized mail servers for your domain. When a recipient's mail server receives a message from user@yourdomain.com, it can check the SPF record for yourdomain.com to determine whether it’s a valid message. If the message comes from a server other than the Google Apps mail servers listed in the SPF record, the recipient's mail server can reject it as spam.

If your domain doesn’t have an SPF record, some recipient domains may reject messages from your users because they can’t validate that the messages come from an authorized mail server.

If you've already set the SPF record for your domain, it means that you’ve set Google's servers in the SPF records.
Enable SPF records for outbound gateway
If you decide to enable the email gateway feature, you need to make sure the server addresses for Google and the outbound gateway SMTP is included in the SPF record.

Notes:

  • If you purchased your domain from one of our registration partners while signing up for Google Apps, Google doesn’t publish SPF records for your domain.
  • If you have an existing SPF record, you can update it to authorize an additional mail server. Be careful not to create multiple SPF records; only update the existing record. 
  • Multiple SPF records aren’t recommended and can cause authorization problems. See Multiple SPF records for more information.

 

See Authenticate email with a domain key and Understanding DMARC for other anti-spoofing options available to you through Google.

Was this article helpful?
Sign in to your account

Get account-specific help by signing in with your Apps for Work account email address, or learn how to get started with Apps for Work.