We use cookies
We use cookies to optimize our website. By continuing to browse the site, you agree to our use of cookies.
Control panel
  • Русский
  • Українська
  • English
  • UAH
  • USD
  • RUB
  • EUR
  • 0-800-307-307 Hotline
  • +38 (044) 392-74-33 Kiev
  • +38 (057) 728-39-00 Kharkiv
  • +38 (056) 794-38-31 Dnipro
  • +38 (032) 229-58-93 Lviv
  • +38 (048) 738-57-70 Odessa
  • +38(093) 170-15-42  Life
  • +38 (067) 400-88-44 Kievstar
  • +1(888)393-24-51  USA, Toll free
  • +44(131)507-01-14  Great Britain
  • +7 (499) 348-28-61 Moscow

2.24.5.1. SPF setting

An important point:

  • If in Domain MX records our servers are specified, then in the SPF record can't indicate Key +mx, as this will lead to problems with the delivery of letters. For the correct sending of mail from our servers, it is enough to specify include:_spf.ukraine.com.ua.
  • The domain must have only one SPF record. If you need to take into account several mail services at once, they need to be combined into one SPF record.

SPF (Sender Policy Framework) - an extension for the protocol for sending email via SMTP. Thanks to SPF, you can check if the sender's domain has been tampered with.

SPF allows the domain owner to specify in the TXT record corresponding to the domain name a list of servers that are allowed to send e-mail with return addresses in that domain. Mail transfer agents receiving mail messages can request SPF information using a simple DNS-request, thus verifying the sender's server.

Without an SPF record, many mail services can send all mail sent from domain mailboxes to spam, regardless of its content.

If the domain mailboxes are hosted on our hosting and the domain is served on our NS, then for setting SPF set our MX records... Moreover, in domain settings the required SPF record will also be automatically added.

Example of domain settings with added SPF record:

If the domain mailboxes are hosted on our hosting, but the domain is served on the NS of another provider, add the following TXT record in the owner panel of these NSs:
v=spf1 include:_spf.ukraine.com.ua ~all

An SPF record consists of many keys used to form suitable and correct rules. After specifying the key, you need to set the symbol : and specify the required node.

Frequently used and important keys:

  • v=spf1 - SPF version.
  • Parameters defining behavior for the specified keys:
    • + - parameter indicating the receipt of letters (Pass). Installed by default if there are no others.
    • - - reject (Fail). The letter will not be accepted.
    • ~ - "soft" deviation (SoftFail). The email will be accepted but marked as spam.
    • ? - neutral perception of the sender.
  • Keys for defining nodes:
    • mx - includes all server addresses specified in the MX records of the domain. Important: do not use this key if the domain uses our MX, as they are not involved in sending letters and specifying such a key may lead to errors.
    • ip4 - indication of specific IP.
    • ptr - checking the PTR record for the specified domain.
    • exists - domain health check. It is important to keep in mind that this check will also give a positive answer if addresses of the form 127.0.0.1 etc., which makes its use rather questionable.
    • a - applying rules to a specific domain by comparing the sender's IP address with the IP address specified in the domain's A-records.
    • include - use of allowed nodes specified in SPF records of another domain.
    • redirect - the rule indicates that the SPF policy used for this domain is specified in another domain. Somewhat analogous to include ignoring the records of the current domain.
    • all - all addresses not specified in the record.

The rule for sending letters from our hosting most often looks like this:

v=spf1 include:_spf.ukraine.com.ua ~all

This rule specifies that messages sent from the hosts specified in the record _spf.ukraine.com.ua, are allowed and will be delivered, while those sent from other servers will be delivered but marked as spam.

To specify multiple servers, just list them. Examples:

  • Sending from our mail and from our own server mail.example.com is used:
    v=spf1 include:_spf.ukraine.com.ua a:mail.example.com ~all

    In this case, letters sent from our hosting servers, as well as from the server whose IP address is specified in the A-record of the mail.example.com domain, will be delivered successfully.

  • It is required to allow sending from one domain, but deny from another:
    v=spf1 +a:mail.example.com -a:mail.example.org ~all

    In this case, sending from the servers pointed to by the A-record of the mail.example.org domain will be prohibited and messages will be rejected.