How to interpret EasySPF data, implement EasySPF, and manage EasySPF in the long term
How to interpret EasySPF data
First, let’s take a look at this domain which contains an SPF TXT Record like this:
v=spf1 include:mktomail.com include:spf.mandrillapp.com include:servers.mcsv.net include:mail.zendesk.com include:stspg-customer.com include:sendgrid.net include:amazonses.com include:_spf.google.com ~all
For this specific example, the EasySPF portal will provide this information:
- Source Name: This is the name of your Email Service Provider. Our system identifies more than 1,400 Email Sources to provide relevant information about their system’s SPF and DKIM configuration steps
- Volume: This is the number of outgoing email volumes from a specific source, observed from your DMARC Aggregate Reports
- SPF Part: This contains the include: mechanism with the given Source. For example;
- Google uses include:_spf.google.com
- Zebdesk uses include:mail.zendesk.com
- and so on…
- SPF Capability: This tab represents how ESPs handle the SPF domain. It is important to understand that SPF checks against a specific MailFrom or Return-Path address (which is best referred to as SPF Domain) and it differs with multiple providers.
When it comes to DMARC, you need to have your From: address (which is your own domain), align with the SPF Domain (which is the MailFrom or Return-Path domain). If the email source you’re using appends its own domain in the MailFrom or Return-Path domain, you don’t need to whitelist that source in your domain’s SPF record. To read more about Alignment and how ESPs get SPF Wrong, please check this article.
Now, heading back to the actual data, here are the 3 main options we let you see and analyze in your EasySPF Dashboard:
- Capable - This represents that the specific source lets you use your own domain in the Return-Path or MailFrom: section, and you need to have their hostname/domain whitelisted in your SPF Record.
- Non-Capable - This represents that the specific source uses their own domain in the Return-Path or MailFrom: section, and you don’t need to have their hostname/domain whitelisted in your SPF Record.
- Subdomain capable - This represents that the specific source lets you use your subdomain in the Return-Path or MailFrom section, and you need to have their hostname/domain whitelisted in your subdomain’s SPF Record (and NOT in your root domain).
How to implement EasySPF
- Now, coming back to the EasySPF dashboard, you can remove the checkmark for the sources which were marked as “Non-Capable” and “Subdomain Capable”, and then click on “Save”
- Click on “Setup-DNS”
- You will be provided with a flattened SPF Record that needs to be updated in your DNS
- Copy the new Record, and replace it with your current SPF Record from your DNS
- After properly updating your SPF record, go back to your EasySPF dashboard and click on “Verify DNS”. (Keep in mind that propagation can take around 3-5 minutes
- After proper activation and propagation, you will get to see “ACTIVE” result, which indicates your EasySPF has been properly implemented
How to manage EasySPF in the long term
One of the important factors is managing your SPF Record in the long term process, as organizations are dynamic and a new email source may come to life in your organization that needs to be whitelisted.
We’ve simplified these steps for you.
For example, your company decides to use 2 different sources, such as:
- Dedicated IPv4 address 126.96.36.199
In order to whitelist all these, you need to take the following steps:
- Head to your EasySPF Portal
- Click on “Add Source”
- For Microsoft; add the Source Name, SPF part type (in this case, include:), SPF part type value (in this case, spf.protection.outlook.com) and add an optional Note and click on Save
- For your dedicated IP4 address, add the Source Name, SPF part type (in this case, ip4:), SPF part type value (in this case, 188.8.131.52, and add an optional Note and click on Save
After adding the new sources, you should see them updated in your EasySPF portal. Make sure to click on “Save Record” and done!