Sender Policy Framework (SPF) is an email authentication method designed to detect and block email spoofing. It helps mail exchanges decide if a given message is genuine or if it’s potentially harmful or forged.
If you use subdomains for email purposes, it’s important to set up SPF records for each subdomain, considering their specific email sending sources. SPF record for subdomain helps prevent email spoofing and phishing attacks.
In this article, we’ll explore what an SPF record for a subdomain is and explain how it works.
- SPF record is one of the most essential components used for email authentication
- MX and TXT records are most commonly used DNS entries for creating a SPF record for subdomain
- SPF record creation can sometimes be tedious and lead to syntax errors. There are several great SPF record generators to generate error-free SPF records in seconds
Check Out Our Best Email Hosting Options
Provider | User Rating | Best For | |
---|---|---|---|
5.0 | Performance | Visit HostArmada | |
4.8 | Affordable Plans | Visit FastComet | |
4.6 | Ease of Use | Visit Hostinger |
What Is SPF Record?
An SPF (Sender Policy Framework) is a crucial component of email authentication. Essentially, it’s a DNS (Domain Name System) record that specifies the authorized mail servers for a particular domain.
For example, if you send an email from a domain, the recipient’s server can check the SPF record to confirm if the server that sent the email is legitimate. The SPF record consists of rules that define which IP addresses or hostnames can send emails on behalf of the domain.
If the sender server matches one of the authorized sources, the email will pass the SPF check. SPF is an important asset because, in addition to DMARC policy, it can help prevent email fraud, phishing, and unauthorized use.
What does an SPF record look like?
A SPF record will usually look like this:
- “v=spf1†identifies the version of the SPF being used. The other syntax includes mechanism.
- “include:_spf.example.com†specifies that the SPF record for the domain “example.com†should be consulted for authorized mail servers
- “~all†is a mechanism that helps specify what action to take if the sending server doesn’t match any of the authorized sources
Keep in mind that one SPF record string can’t include more than 255 characters. If your SPF record is longer, use multiple records instead. Additionally, some DNS providers don’t use quotations to enclose the record data. Limiting the number of mechanisms to 10 helps avoid DNS overload.
How Does SPF Work with Subdomains?
SPF can be used with subdomains to control which mail servers are authorized to send email on behalf of those subdomains.
Each email subdomain can have its own SPF record. These records are published in the DNS zone of the subdomain. For example, if you have the subdomain “sub.example.com,†you would create an SPF record in the DNS zone for “sub.example.com.â€
Are SPF Records Inherited by Subdomains?
SPF records are not automatically inherited by subdomains. Each subdomain will have its SPF record. The SPF policy for a subdomain is not inherited from its parent domain.
Instead, you will need to configure SPF records for certain subdomains manually. SPF records are specific to the domain or subdomain for which they are configured.
Can a SPF Record Include Multiple Domains?
A SPF record can include multiple domains by using multiple “include mechanisms†within the record. That way, you can specify that the SPF rules of multiple domains are authorized to send email on behalf of the domain in question.
You can include as many domains as needed to authorize multiple sources for sending emails on behalf of your domain. Still, ensure that the SPF records of the included domains are correctly configured. Also, make sure not to exceed the DNS lookup limit for SPF, which is usually 10 DNS queries.
Recommended Shared Hosting Options for Hosting Multiple Domains
Provider | Discounts | Money-Back Guarantee | |
---|---|---|---|
10% Off | 30 Days | Visit Hostinger | |
Up to 75% Off | 45 Days | Visit HostArmada | |
Up to 80% Off | 45 Days | Visit FastComet |
Example: MailChimp SPF Record for Subdomain
Let’s say you have a domain “example.com†and you’ve set up a subdomain called “newsletter.example.com†through which you’ll send email using a third-party email marketing service such as MailChimp.
You want to ensure that only MailChimp is authorized to send emails on behalf of the subdomain to avoid potential spam or fraud.
- First, you’ll need to create an SPF record for the subdomain “newsletter.example.com†by adding a TXT DNS record to the DNS zone
- In the DNS record for your subdomain, you would include the authorized third-party service’s SPF rules using the “include†mechanism
When an email is sent from an address in the subdomain, the recipient’s email server performs an SPF check. The email server will look up the SPF record for “newsletter.example.com†and find the “include†mechanism.
Next, the recipient’s server checks if the sending server’s IP address matches any of the authorized IP addresses or other rules specified in the SPF record.
If the sending server is listed in “mailchimp.com’s†SPF record the email passes the SPF check. If the sending server is not listed in the authorized sources, the email fails the SPF check.
SPF Records for Subdomains: Related Concepts
MX and TXT records are DNS records commonly used in SPF record generation. Here we’ll explain how they relate to subdomains and SPF records and whether you should use MX or TXT records.
MX Records for Subdomains
- MX (Mail Exchanger) records are a crucial part of the DNS
- They are used to specify the mail servers responsible for receiving email messages for a specific domain
- MX records are essential for routing emails to the correct destination servers
- Each subdomain can have its own MX record
- You can specify separate mail servers to handle email delivery for a certain subdomain
When it comes to SPF records, SPF often uses the “mx†mechanism to indicate that the MX servers of a domain are authorized to send email on its behalf.
When configuring SPF records for a domain or subdomain, you can include the “mx†mechanism to allow the IP addresses of the MX servers to be considered authorized sources for sending email.
TXT Records for Subdomains
- TXT (Text) records are versatile DNS records
- They are used for storing various types of text-based information, including SPF records.
- You can also use TXT records for other purposes such as subdomains to verify ownership, configure services, or provide additional details about the subdomains.
SPF records are a specific type of TXT record that are crucial for email authentication and specify which servers can send email on behalf of a domain or subdomain.
Both types of records can be used for SPF records, although TXT records are more suitable for it. MX records are more helpful in routing email because they help specify the mail servers responsible for receiving email. MX records are also used for configuring email servers.
How to Add an SPF Record for Your Subdomain
Adding an SPF record for your subdomain is a straightforward process. First, you need to create an SPF record for your subdomains.
- Step 1: Use an SPF record generator tool. You can choose one of the options we listed in the following sections.
- Step 2: Enter the necessary information about the third-party servers you may use to send emails.
- Step 3: Click the “generate SPF record†button and let the program generate a TXT record. Keep in mind that the process may differ depending on the tool you choose to use. Copy the record before proceeding to the next steps.
Now that you generated an SPF record for your subdomain, it’s time to publish it. Keep in mind that the process of getting your SPF record for your subdomain published depends on the DNS provider you use.
Below is the general guide that will help you navigate more easily through your DNS provider’s management console.
- Step 1: Log in to your DNS management console as an administrator
- Step 2: Go to the DNS settings page to add a new DNS record
- Step 3: Choose the subdomain that is registered using the DNS provider. Keep in mind that you can add an SPF record only for the subdomains you already registered through your domain provider.
- Step 4: Click on “Add new record†and fill the text box with the previously generated SPF record
How to Add an SPF Record for Your Subdomain in GoDaddy
If you registered your domain and subdomain through the GoDaddy domain registrar, you can create an SPF record directly from their DNS portfolio. Here’s how.
- Step 1: Log in to your GoDaddy Domain Portfolio
- Step 2: Click the three dots next to the domain you’d like to edit and then select Edit DNS.
- Step 3: Select Add New Record and select TXT from the Type menu.
- Step 4: Enter the necessary details to create a SPF record. That can either be the AI-generated SPF record you generated earlier, or you can create one manually. If you choose to create one manually, here’s what to include:
- Name: A prefix of the record or a hostname. Don’t include the domain name. Enter @ to add a record on your root domain, or enter the prefix such as mail.
- Value: This detail refers to the SPF rule to make sure that emails are only allowed from your mail servers. The value can’t exceed 512 characters and can include only ASCII characters.
- TTL (Time to Live): The amount of time during which the server should keep the cached information before refreshing. By default, this setting is 1 hour.
- Step 5: Select Save to add the new record.
The DNS update can take anywhere from an hour to 48 hours. Do note that you can also add records for your other subdomains. The full guide can be found here.
Best SPF Record Generator Tools
If you’d rather use a program that will generate SPF records for you, check our list of best SPF record generators.
- ClouDNS: ClouDNS is a free SPF record generator with a straightforward interface. You don’t need to make an account. All you need to do is enter the domain or subdomain, choose whether you want to use A record and MX record and include the necessary IP addresses and mechanisms.
- PowerDMARC: PowerDMARC is a powerful SPF generator tool that allows you to create valid and error-free SPF records that are compliant with DMARC policy. It allows you to add more mechanisms and can generate an SPF in seconds.
- MXToolBox: MXToolBox is a simple tool that helps you generate an SPF record or modify your current SPF record. You can also use it to check for email delivery issues and resolve them.
Best SPF Record Checker and Lookup Tools
SPF checker tools are online services and software applications that help you validate and test SPF records for a specific subdomain. Here are some of the best ones you can use.
- Mailmeteor: Mailmeteor is a free SPF Record Checker that looks up your DNS configuration for SPF records and diagnoses potential issues. The checks can be made from multiple regions in the world.
- The SPF Surveyor: The SPF Surveyor is a powerful SPF diagnostic tool that gives you a visualization of your SPF records. This helps identify which servers can send emails on behalf of a domain or subdomain.
- EasyDMARC: EasyDMARC is another great SPF checker tool that helps ensure that all emails coming from your domain or subdomain are legitimate. It helps show issues like wrong syntax or optimization problems.
Final Word
SPF records for domains specify authorized mail servers for a domain and help prevent email spoofing, phishing attacks, and spam. They are essential for reliable email delivery.
If you need help building and hosting your new website check our list of best website builders and choose the best web hosting service.
Build Your New Website With The Best Website Builder Picks
Provider | Best For | Expert & User Reviews | |
---|---|---|---|
AI-Powered Tools | Hostinger Review | Visit Hostinger | |
Quality Design | Squarespace Review | Visit Squarespace | |
Affordable Plans | IONOS Review | Visit IONOS |
Next Steps: What Now?
- What is a subdomain? – Learn more about what subdomain is and how they can help your blog, online store or customer support service stand out.
- Choose a hosting provider – Building an ideal website for your online business or personal needs is not enough, choose a hosting provider that will make a new home for your website online.
- Build an e-commerce website – Showcase your products through a fully-customized online store.
Learn More About Subdomains
How to Create a Subdomain for a Primary Domain: Comprehensive Guide
How to Create a Subdomain in GoDaddy with and without cPanel
What Is a Subdomain: Everything You Need to Know
Subdomain vs Subdirectory: Which is Better for SEO?
Domain vs Subdomain: What They Are and What’s the Difference?
How to Find All Subdomains of a Domain with Free Online Tools
Wildcard Subdomains: What They Are & How To Set Them Up
How To Redirect a Subdomain to Url: A Complete Guide
DNS Record for Subdomain: CNAME, DMARC, A Records & more
Email Subdomain: What It Is & How to Use It
SSL Certificate for Subdomain: How to Pick and Install the Right One?
How to Create a Subdomain in cPanel: Step-by-Step Guide
Subdomain Delegation to Another DNS Service Provider: Complete Guide
NGINX Subdomain Tutorial and Setup Guide
How to Create a Subdomain in Namecheap Hosting
Subdomain Takeover: What It Is and How to Prevent It
SEO for Subdomains: Benefits, Disadvantages & Strategies for Success