Want your emails to avoid the spam folder?
Setting up an SPF record for your domain is an essential step towards reaching your audience’s inbox.
The problem is that configuring an SPF record can seem complicated.
If Cloudflare is your domain provider, we’ll help you out. After reading this post, you’ll know exactly how to set up an SPF record on Cloudflare.
These are the main steps to set up an SPF record in Cloudflare:
Step 1: Get your email service provider’s SPF record
Step 2: Check your domain’s DNS records for an existing SPF record
Step 3: Add your SPF record to Cloudflare
Step 4: Check if your SPF record is working
An SPF record lets you specify what servers can send email on your domain’s behalf.
While some use their hosting company’s mail servers for outreach, often you’re better off with a proven email infrastructure like Google Workspace.
If Google Workspace is your ESP, you must add their servers to the SPF record. Similarly, if you use the mail servers of your hosting company, they should be added to it.
If you use Google, then the SPF record to set up should look like this: v=spf1 include:_spf.google.com ~all
If you use your hosting company's email servers, please check their documentation.
You cannot have multiple SPF records in Cloudflare or any other domain provider.
Having multiple SPF records for your domain can lead to authentication failures.
So, before adding an SPF record, let’s check if your domain already has one set up.
If found, you must change the existing SPF record, which you can do in the Cloudflare interface.
Step 1: Log in to Cloudflare
Step 2: Select your domain
Step 3: Click on DNS
Step 4: Now look for a record containing the SPF version prefix: v=spf1
Step 5: If there's an SPF record that doesn't have the same include as in your ESP's record, you need to add it. An include mechanism points to the SPF record of an authorized sending service. A sending server can also be added by IP address, in which case you use the ip4 or ip6 mechanism. To authorize multiple sending servers, you must add multiple include or ip4/ip6 mechanisms. Here’s an example of an SPF record authorizing multiple sending servers:
v=spf1 include:mailgun.org include:_spf.google.com ip4:203.0.113.5 ip4:198.51.100.10 -all
Note: The SPF protocol has a DNS lookup limit of ten. Be sure to remove unnecessary sending servers from your record.
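The checks from this step can be scripted. The following is an added example, not part of the original post or of any Cloudflare or Mailivery tool: it takes the TXT values you see in the DNS tab, flags duplicate SPF records, counts the terms that trigger DNS lookups, and merges a new include into an existing record. The function names and the sample TXT values are assumptions made for illustration.

```python
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists")  # each costs one DNS lookup
LOOKUP_LIMIT = 10

def spf_records(txt_values):
    """Keep only the TXT values that are SPF records."""
    return [v for v in txt_values
            if v.lower() == "v=spf1" or v.lower().startswith("v=spf1 ")]

def count_lookups(record):
    """Count this record's own lookup-causing terms (nested includes add more)."""
    total = 0
    for term in record.split()[1:]:
        term = term.lstrip("+-~?").lower()
        name = term.split(":", 1)[0].split("/", 1)[0]
        if name in LOOKUP_TERMS or term.startswith("redirect="):
            total += 1
    return total

def lint(txt_values):
    """Return a list of problems found in a domain's TXT records."""
    found = spf_records(txt_values)
    problems = []
    if not found:
        problems.append("no SPF record")
    if len(found) > 1:
        problems.append("multiple SPF records")
    for record in found:
        if count_lookups(record) > LOOKUP_LIMIT:
            problems.append("more than ten DNS lookups")
    return problems

def add_include(record, host):
    """Add include:host before the closing 'all' term unless already present."""
    terms = record.split()
    wanted = "include:" + host.lower()
    if any(t.lstrip("+").lower() == wanted for t in terms):
        return record
    for i, term in enumerate(terms):
        if term.lstrip("+-~?").lower() == "all":
            terms.insert(i, "include:" + host)
            return " ".join(terms)
    return " ".join(terms + ["include:" + host])

# Constructed sample: TXT values as they might appear in the Cloudflare DNS tab.
SAMPLE = ["site-verification=constructed-placeholder",
          "v=spf1 include:mailgun.org -all",
          "v=spf1 include:_spf.google.com ~all"]
```

The count covers only the terms written in your own record; every included record's own lookups count toward the same limit of ten when a receiving server evaluates it.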
Step 1: Log in to Cloudflare
Step 2: Select your domain
Step 3: Click on DNS
Step 4: Create a new DNS record
Step 5: Set the record’s Type to TXT. Previously, there was an SPF record type, but it has been deprecated. Only TXT records are now used by mail servers to validate SPF.
Step 6: Enter @ in the Name field
Step 7: Paste your ESP’s SPF record in the Value field. If you use your Google Workspace account to send email, your record will look like this: v=spf1 include:_spf.google.com ~all
Step 8: Leave the TTL at the default. TTL means Time To Live: the time in seconds that a server should cache your SPF record.
Step 9: Save your record
This is the most time-consuming step of setting up an SPF record. Not because it’s a lot of work, but rather because of the waiting time.
You see, after saving your record, the DNS changes have to propagate first, meaning your record doesn’t become active immediately.
It could take up to three days for your record to propagate fully.
If that shocked you, don’t worry. Usually, your record is good to go after a few hours.
You can use several tools to check the status of your SPF record. One such tool is Mailivery's DNS Status meter.
The status indicator will neatly turn green if your SPF has been set up correctly.
Cloudflare SPF record not working?
Make sure your SPF record’s syntax is correct! Use Mailivery’s free Syntax Checker to verify it.
SPF stands for Sender Policy Framework.
It is an email security protocol designed to prevent spammers from sending emails on behalf of your domain.
Faking the sender's domain of an email is called email spoofing. Cyber criminals love spoofing because it allows them to send phishing emails that seem to come from trusted domains.
Don’t let that be your domain!
When you set up SPF, you get to decide what email servers can send from your domain. Incoming email servers can check your SPF record, and if an email comes from a server that’s not in your record, it will fail SPF authentication.
What does an SPF record look like?
Here’s an SPF record example someone might need to set up on Cloudflare:
v=spf1 include:spf.protection.outlook.com -all
There are three parts to an SPF record:
A hard fail is stricter and better for security.
But when you're first setting up your SPF record, it's safer to start with soft fail for testing.
Once everything works properly, you can switch to hard fail to enforce your policy.
Note: What really happens to emails that fail authentication also depends on other factors like server configuration and DMARC settings.
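To see how the closing qualifier changes the outcome, here is an added example (not code from the original post) of a simplified SPF check that handles only the ip4, ip6, include and all mechanisms. The ZONE dictionary stands in for DNS, and the address ranges in it are constructed placeholders, not the providers' real ranges.

```python
import ipaddress

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, sender_ip, zone):
    """Evaluate sender_ip against an SPF record, term by term, left to right.

    zone maps include targets to their SPF records (constructed data,
    no network access). Unknown include targets are skipped here; a real
    evaluator reports an error for them.
    """
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            return RESULTS[qualifier]          # catch-all: ~all or -all decides
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
        elif name == "include":
            # An include matches only when the included record yields "pass".
            if arg in zone and check_spf(zone[arg], sender_ip, zone) == "pass":
                return RESULTS[qualifier]
    return "neutral"                            # no term matched and no "all"

# The multi-server record shown earlier on this page.
RECORD = ("v=spf1 include:mailgun.org include:_spf.google.com "
          "ip4:203.0.113.5 ip4:198.51.100.10 -all")

# Constructed stand-in for the included domains' SPF records.
ZONE = {
    "mailgun.org": "v=spf1 ip4:198.51.100.128/25 ~all",
    "_spf.google.com": "v=spf1 ip4:192.0.2.0/24 ~all",
}
```

With this data, a sender at 203.0.113.99 gets "fail" under -all and "softfail" if the same record ends in ~all; what the receiver then does with the message still depends on its own configuration and your DMARC policy.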
SPF makes your emails more secure by combating email spoofing.
Which is great news.
However, even better, it’ll also lead to more prospects reading your emails.
Email service providers check if your domain has an SPF record set up. If it does, and it’s configured correctly, they will trust your emails more, leading to better inbox placement.
SPF alone is not enough. You also need to set up your DKIM and DMARC records.
DKIM ensures your emails aren’t tampered with during transit, and DMARC lets you decide what to do with emails that fail SPF and DKIM authentication.
In short, if you want your emails to reach the inbox, book meetings, and drive revenue, you must set up all three: SPF, DKIM, and DMARC.