Help Center

Set up SPF Records

Before relaying messages through the MailChannels Outbound filter, SMTP Authentication but be configured to allow a MailChannels owned IP to deliver messages on behalf of your domains(s).

Accurate Sender Policy Framework(SPF) records must be configured in your DNS zone settings to ensure that Internet receivers will properly identify and receive your email messages.

Using WHM/cPanel? Skip the manual setup and let our plugin do this automatically. Try our MailChannels cPanel plugin!

SMTP Authentication

DNS TXT Record(s)

The following records are needed for SPF to work correctly. Replace example.com with your own domain name:

Location

  Type

  Value

example.com

  TXT   

  v=spf1 a mx include:relay.mailchannels.net ?all

 

   

If you already have an SPF record, simply add include:relay.mailchannels.net to this entry. Make sure to add it BEFORE the “all” mechanism as “all” always matches and typically goes at the end of the SPF record.

Note: DKIM keys can be correctly added for Cpanel using our Cpanel - DKIM Configuration Guide.

 

Non-plugin cPanel Users

cPanel has made available a script "spf_install" to add spf records in bulk. The "spf_install" script allows you to add SPF records to all the user's domains' zone files from the command line.
 

Reference:

 
Here is simple script with which you can add spf records on all cPanel account or on multiple account.

cd /var/cpanel/users
for i in `ls /var/cpanel/users` ;do /usr/local/cpanel/bin/spf_installer $i ;done

Note: Please test this thoroughly before implementing this on production servers

 

Next Step: Configure your mail server

 

Was this article helpful?
3 out of 6 found this helpful
Have more questions? Submit a request

Comments

  • Avatar
    WebHostingZone

    Do you know how to "mass add" these records to existing domains? I'm running cPanel, but that shouldn't make much difference. All the domains already have their own SPF records.

    Comment actions Permalink
  • Avatar
    active cares

    I am having the same question as "WebHostingZone"

    Comment actions Permalink
  • Avatar
    Troy

    Messages that are signed via DKIM, and that get passed through your relay servers are getting munged. Making the digitally signed messages (and headers) appear as tampered with or spoofed.

    Comment actions Permalink
  • Avatar
    Carlespe

    Why not use the stricter -all rather than ?all. I like to use -all so that mail servers paying attention to spf will not accept spam from compromised machines forging my addresses.

    Comment actions Permalink
  • Avatar
    Grouphosts

    And is there a WHM or cPanel plugin that automates this task every time a cPanel account is created or a new domain is added?

    Comment actions Permalink

Please sign in to leave a comment.