SPF records for clients sendint out via Dome Antispam gateway

I have been unable to find information in order to create these records.

You will need to contact your email hosting provider for the information you need to create the SPF records, @gamelofter.

Hi @gamelofter

SPF is a tricky thing; but here is a great example / guide for you…

Main SPF Record
DNS Record Type: TXT
DNS Record Name: <Leave Blank>
DNS Record Value: v=spf1 mx include:_spf.YourDomain.Name include:spf.protection.outlook.com -all exp=badguy.YourDomain.Name
Notes: Allows you MX and O365 to send. Also allowes services in _spf.YourDomain.Name to send too. The info to why something has failed (exp=badguy) might need to be before “-a”.

_spf Record
DNS Record Type: TXT
DNS Record Name: _spf
DNS Record Value: v=spf1 ip4: ip4: a:spam.YourDomain.Name -all
Notes: Allows the listed IPs and A records to send

badguy Record
DNS Record Type: TXT
DNS Record Name: badguy
DNS Record Value: “The email from %{s} using SMTP server at %{i} was rejected by %{c} (%{r}) at %{t} because it failed the SPF records check for the domain %{p}.”

Hopefully this information helps and points you in the right direction.


@Rick_C @StrobeTech All email is smart hosted through the MSP Anti Spam system… We have started getting authentication required returns which points to SPF records…

Hi @gamelofter

The records and examples provided above will solve your issue, but you have to replace the example information with the correct information.

A very simple SPF record that allows the MX only would be: -
v=spf1 mx -all

If the MSP spam system is your MX and you use this as a smarthost to route your emails out of the business this will be all you need, but if you have payroll and other web apps for instance that use your domain and send direct then you need to add these to the SPF record else they will fail.

Hope this helps.