Sender Policy Framework (SPF) and Salesforce SPF Record
|Knowledge Article Number||000232181|
|Description||This article describes Sender Policy Framework
|Resolution||Sender Policy Framework
Sender Policy Framework is a simple email-validation system designed to detect email spoofing by providing a process to verify which providers are permitted to send emails on your behalf. It also aims to reduce the number of spam and fraud by making it harder for anyone to hide their identity.
If you’re sending an email from a Salesforce application and your domain is abc.com, you can create an SPF record that authorizes Salesforce.com mail servers as allowed mail servers for abc.com domain. When the recipient receives your email, it checks the SPF record of abc.com to determine if it’s a valid email. Message will have a high chance of delivery if it’s valid. Otherwise, the server can reject the message as spam or not deliver the email.
In line with this, Salesforce has implemented an SPF record for our domain. We encourage our customers to implement SPF records for their domain(s) band including "_spf.salesforce.com" in their SPF record. By including "_spf.salesforce.com" in their SPF record, the emails our customers send from the Salesforce application to their customers will have a higher probability of ending up in the recipients mailbox; if it is not include there is a possibility that mail will end up in bulk/junk/spam folder or not be delivered.
A sample SPF record is:
"v=spf1 mx include:_spf.salesforce.com ~all"
Include the following string in the spf record include:_spf.salesforce.com
Adding an SPF record is effective only if the "Enable compliance with standard email security mechanisms" setting is not selected. You can find the setting in the Deliverability section in Setup.
To create an SPF record you can utilize the following resource (or simply utilize one of the numerous online SPF generators):
To test if a domain has an SPF record or to validate if the syntax is correct:
You can find more information on SPF records at the Sender Policy Framework project's website
If an organization has reached the SPF DNS lookup limit, then it is possible to add the Salesforce IP addresses to the SPF record with the IP4 mechanism. Please be aware that the IP addresses to include in the SPF record may change if additional IP addresses are added or your organization is migrated or split.