Getting your email accepted, step 1 implement SPF

Without additional set-up work, anyone can send an email that appears to come from your domain, rather like you can write any return address you want on a letter that you send. For email, the return address, known as the return-path, is part of the email’s envelope added by the sender. The Sender Policy Framework (SPF) is a way of telling the world which mail servers can send an email with your domain as the return-path.

Why bother with SPF?

SPF emerged in the early 2000s and was published as a proposed standard back in 2014. Now it is widely accepted and the absence of an SPF record for a domain is taken as a strong indicator the domain is poorly set-up, which increases the chance email related to the domain is routed to spam and may also have an impact on your domain’s reputation. In short, your customers and suppliers are less likely to receive emails from you.

If you intend to automatically forward emails send by Bike Rental Manager, please take a look a the article “Forwarding BRM emails”.

Setting up SPF

SPF is easy to set-up and there are numerous free tools to help you, and reputable services that send emails for your domain will provide help to set it up correctly for their service. For example:

You can find help in setting it up, for example, https://www.spfwizard.com/ from easyDNS.
There are services that check SPF records, for example, the SPF Record Checker from DMARC Analyzer.

To set-up SPF you add a text record to your domains DNS entries that say which mail servers can send email from your domain and what recipients should do if it comes from somewhere else. For a simple case where all outgoing email is only sent from the same servers that receive your domain's email it looks something like this:

"v=spf1 mx -all"

This says any email for your domain will be sent from your mail servers listed in the domains MX records and if they are not it should be rejected.

If you use an email provider then they will typically have instructions on how to set-up an SPF for your domain. For example, Google’s G Suite has instructions in the article Help prevent email spoofing with SPF records. If you use G-Suite your SPF record will look something like this:

v=spf1 include:_spf.google.com ~all

This says any email for your domain will be sent from Google’s mail servers and if they are not it should be accepted and tagged as non-compliant.

Notice the include, this feature of SPF allows you to include other organisations SPF settings in your record. The beauty of this is that the organisation responsible for sending emails maintains the included SPF records. So, in this example, Google is responsible for maintaining the list of valid G-Suite outgoing mail servers.

SPF can handle situations where you use many third parties to send emails on your behalf, for example sending marketing emails, invoices and so on. Any reputable third-party service should provide help to set up SPF correctly with minimum hassle. The DMARC operation resource centre maintains a directory of email sources and their capabilities of sending authenticated emails on your behalf.

Your SPF record and Bike Rental Manager.

You do not need an SPF record to use Bike Rental Manager but having a good reputation as an email domain is important for your business and the side effects of a poor reputation may impact the deliverability of emails Bike Rental Manager sends to your customers that references your domain, for example as a reply-to address. We strongly recommend you set-up an SPF record.