Loading
Email in Marketing Cloud Engagement
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Sender Policy Framework and Authentication FAQs

            You are here:

            1. Salesforce Help
            2. Docs
            3. Engagement: Email Studio

            Sender Policy Framework and Authentication FAQs

            A Sender Policy Framework (SPF) record is a list of IP addresses that are allowed to send email from your domain. The IP list authenticates that email from your domain is from you and helps protect your brand by reducing the chance that your email is mistaken for spam.

            How does SPF work?

            When an ISP receives an email from somebody@example.com via IP address 1.2.3.4, the ISP checks the SPF or record at example.com. If 1.2.3.4 is on the list, the email is genuine. If not, the email can be a phishing attempt or spoof and can be filtered, rejected, or discarded.

            ISPs use SPF when deciding which email to reject. By publishing an SPF record, you prove that you aren’t phishing or spoofing. Large ISPs and webmail providers, such as AOL, Gmail, and many others, look for Sender ID records as one of their measures to determine whether an inbound email message is legitimate. Some anti-spam and security systems used in corporate networks look for an SPF record as well.

            Sender ID is a deprecated Microsoft Hotmail version of SPF. Because the specification is deprecated, Outlook.com doesn’t use Sender ID when examining inbound mail.

            What do SPF records look like?

            An SPF record is a simple text (TXT) record placed in the DNS for a domain.

            Example:

            v=spf1 ip4:207.67.38.0/24 ip4:207.250.68.0/24 ip4:64.132.92.0/24 ip4:64.132.88.0/24 -all

            How do I create an SPF record?

            If you use the Sender Authentication Package and its domain is delegated to Marketing Cloud Engagement name servers, SPF is already implemented. Otherwise, use these steps to create an SPF record.

            Access the control panel for your DNS provider or domain registrar. Create a DNS entry of type TXT for the domain. Leave the hostname or subdomain field blank. For the DNS entry field, use one of these options.

            • If you use the domain for sending mail only with Engagement, enter v=spf1 include:cust-spf.exacttarget.com -all.
            • If you use this domain for sending mail with Engagement and another service, cover any other IP addresses that send email. For example, if you have a corporate exchange server at IP address 1.2.3.4, enter v=spf1 ip4:1.2.3.4 include:cust-spf.exacttarget.com -all.
            • If your company has a block of addresses, enter the block in CIDR notation. For example, if you have IP addresses from 192.168.92.0 through 192.168.92.255, enter v=spf1 ip4:192.168.92.0/24 include:cust-spf.exacttarget.com -all.

            When formatting your SPF record, end it with an “all” mechanism to indicate what to do with an email that fails authentication: either soft fail (~all) all or hard fail (-all) all.

            Note
            Note Hotmail provides the strongest deliverability boost only to -all. Therefore, we recommend that SPF or Sender ID records use -all.

            Can you manage this information for me?

            The Sender Authentication Package provides SPF and Sender ID, DomainKeys, DKIM authentication, and more.

             
            Loading
            Salesforce Help | Article