How to add an SPF record to your domain

To reduce the risk of your emails ending up in a spam folder, it is important that you authenticate the service you send through so it can use your domain name.

This basically means that you need to tell other email servers that your email service provider is allowed to send emails from your domain.

The process here is somewhat complex and technical as it requires changing your DNS records; a process that can seem daunting and has fairly catastrophic consequences if done incorrectly. But if you follow the instructions given by your email service provider, you should be alright.

Example using MailChimp and Gandi

Do note that the actual steps of this process depend on what domain name hosting provider you're using and what email service provider you're authenticating.

For this example, I am trying to add an SPF record for MailChimp, so they can send emails for the domain railscabin.dk, which is using Gandi for DNS.

MailChimp asks me to set up the following DNS record:

  1. A TXT record for railscabin.dk with the value: v=spf1 include:servers.mcsv.net ?all

Don't worry if this looks like technical mumbo jumbo to you; the actual values aren't that important.

Log in to your DNS provider

  1. Log in to my domain name provider, in this case Gandi.
  2. Find my domain name in the user interface.
  3. Go to the section where I can edit "DNS Records".

Now I need to check if the domain already has an existing SPF record. This means looking through the DNS records for a record of type TXT with the name @ (which means the full domain name, in this case railscabin.dk), and a value starting with v=spf1.

When you don't have an existing SPF record

If I don't have a value already I can go ahead and add a new one:

  1. Gandi has a fairly user-friendly interface, so I can just click the "Add" button to add a new DNS record.
  2. Choose TXT as the record type.
  3. In this case I leave the name value blank, because we need to create a TXT record for railscabin.dk without anything in front.
  4. I enter the value v=spf1 include:servers.mcsv.net ?all in the value field.
  5. Click "Create" and I'm done.

When you already have an SPF record

If an SPF record already exists, I need to modify it, making sure the old values are kept around.

  1. Click the "Edit" link next to the existing record.
  2. Observe the existing value in the "value" field. It could look something like "v=spf1 include:_mailcust.gandi.net ?all", which looks a lot like the one MailChimp asks us to add. The difference is that we already have include:_mailcust.gandi.net and we need to add include:servers.mcsv.net. We need to manually merge those two values.
  3. Change the "value" field to look like: "v=spf1 include:_mailcust.gandi.net include:servers.mcsv.net ?all".
  4. What we've done is add include:servers.mcsv.net to the value, preserving the existing include:_mailcust.gandi.net value.
  5. Now click "Update" and we're done.
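
The manual merge in the steps above can be double-checked with a short script before you paste the result into the "value" field. This is an added example, not code from MailChimp or Gandi; the function names are made up here, the non-SPF TXT value is constructed, and it assumes the domain's existing "all" term is the one to keep. It also refuses to continue if the domain already has more than one SPF record, because receivers treat that as an error (RFC 7208).

```python
"""Merge a provider's SPF terms into a domain's existing SPF record (offline)."""


def is_spf(value):
    """True if a TXT value is an SPF record (its first token is v=spf1)."""
    tokens = value.strip().strip('"').split()
    return bool(tokens) and tokens[0].lower() == "v=spf1"


def split_terms(value):
    """Return (terms, all_term) for an SPF value, leaving out the v=spf1 tag."""
    if not is_spf(value):
        raise ValueError(f"not an SPF record: {value!r}")
    terms, all_term = [], None
    for term in value.strip().strip('"').split()[1:]:
        # "all", optionally prefixed by a qualifier (+ - ~ ?), closes the record.
        if term.lower().lstrip("+-~?") == "all":
            all_term = term
        else:
            terms.append(term)
    return terms, all_term


def merge_spf(txt_values, wanted):
    """Return the single SPF value to publish.

    txt_values: every TXT value currently set for the bare domain (name @)
    wanted:     the SPF value the email service provider asks for
    """
    existing = [v for v in txt_values if is_spf(v)]
    if len(existing) > 1:
        raise ValueError("more than one SPF record found; combine them into one first")
    terms, all_term = split_terms(existing[0]) if existing else ([], None)
    new_terms, new_all = split_terms(wanted)
    seen = {t.lower() for t in terms}
    for term in new_terms:
        if term.lower() not in seen:  # do not add the same include twice
            terms.append(term)
            seen.add(term.lower())
    # Assumption: keep the domain's current "all" policy if it has one.
    closing = all_term or new_all
    return " ".join(["v=spf1", *terms] + ([closing] if closing else []))


if __name__ == "__main__":
    current = ['"v=spf1 include:_mailcust.gandi.net ?all"',
               "site-verification=constructed-example"]  # constructed TXT value
    print(merge_spf(current, "v=spf1 include:servers.mcsv.net ?all"))
```

Running it a second time on its own output returns the same value, so it is safe to use as a check after the record has been updated.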

Trigger authentication in MailChimp

With all the above done, it is time to let MailChimp know that it can start the authentication process. Return to the domain authentication UI in MailChimp and click the "Authenticate" button.

If you get a message saying something like

We tried to verify your DNS changes and did not detect the right values. Remember that DNS changes can take 24-48 hours to propagate through the internet.

you need to wait a while then retry.

This happens either because MailChimp already tried looking up the DNS records for your domain before you added the new record, or because your DNS has yet to update with the new records. You probably don't have to wait for 48 hours; try again in a few hours, or wait until tomorrow and give it another shot.

In the meantime, you should add a DKIM record as well.