SPF and DMARC

What is SPF?

The Sender Policy Framework (SPF) is an email-authentication record that is used to prevent spammers from sending messages on behalf of your domain. Using SPF allows you to define and publish a list of authorized mail servers/senders. SPF provides the receiver information about how trustworthy an incoming email is. SPF records are listed with your domain's DNS host and can easily be updated to new services and systems as needed.

SPF Best Practices

Check MXToolbox against your domian to see your current SPF record and DNS host. You'll want to make sure that your SPF record includes any and all potential email sending services/hosts, and nothing else. IF you host your own DNS, you will be able to make changes to your SPF record with your domain registrar. If you see *.usg.edu listed as your DNS host, that means GPLS manages your DNS records for you and any changes will need to be requested through our helpdesk.

Here is the SPF record for an example library:


v=spf1 include:_spf.google.com ip4:168.25.131.21 ip4:168.25.131.22 ~all


Let's break this down:

v=spf1 - This is the SPF record version. This should be the opening of all SPF records.

include:_spf.google.com - This includes all Google services as approved senders. This is required if you use Google as your email platform.

ip4:168.25.131.21 ip4:168.25.131.22 - These are approved sending IPs. In this case, these are the PINES servers that may send mail on behalf of your domain.

~all - This is a soft fail for all other mail. Because of this, any other sending service not listed here will still be allowed to send, however, most receiving mail clients will flag the email as potentially dangerous or spam.


The SPF record above is an excellent example of a standard SPF record for a library domain that uses PINES and GPLS's Google email. If your library has additional sending services, you may want to add them to your SPF record. Potential examples include:

Contact form from a GPLS hosted website: ip4:168.25.130.207

Marketing or mass mailing service, such as Constant Contact: spf.constantcontact.com


PINES SPF information

What is DMARC?

DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email. DMARC is an extra, more secure, layer of protection similar to SPF.

If you are interested in configuring a DMARC record for your domain and would like assistance from GPLS please open a ticket.