SPF Record

Basics

An SPF record is used to prevent email spam. It specifies which servers are authorized to send emails on behalf of your domain. If someone tries to spoof emails from another server, the receiving mail server detects this through the SPF check and either rejects the email or marks it as spam. This way, the SPF record protects your domain from being misused for phishing or spam, for example.

SPF Configuration for our mailcow Systems

To ensure that an up-to-date list of valid sending addresses for mailcow is always stored in the DNS, the following SPF TXT record is recommended:

v=spf1 include:spf.mailcow.de ~all

Note

The name (i.e., the first part in the DNS) of the record remains either empty or matches your domain name if an empty name is not accepted.

This SPF record ensures that only the servers listed in the SPF entry are authorized to send emails on behalf of the domain.

If an email is sent from an unauthorized server, it would still be accepted but marked accordingly (soft fail).

Alternatively, the parameter ?all can be used to mitigate issues with email forwarding.

The list of sending servers should be extended to include any address from which legitimate email traffic on behalf of your domain is expected. For example, if you run a blog or a website that automatically sends emails without using mailcow as a relay (e.g., via the PHP mail() function), you need to extend the SPF entry accordingly. A technical description can be found here.

To authorize the IP address 1.2.3.4 for sending emails on behalf of your domain, use the following SPF entry:

v=spf1 ip4:1.2.3.4 include:spf.mailcow.de ~all