Projects on Dropsolid Experience Cloud uses Sendgrid services to send out emails. If you use a service that verifies if emails sent out in name of your domain or organisation, it is important to allow Sendgrid as one of the allowed sender services.
Sender Policy Framework (SPF) is an email authentication standard developed by AOL that compares the email sender’s actual IP address to a list of IP addresses authorized to send mail from that domain. The IP list is published in the domain’s DNS record.
Most information below is borrowed from the documentation of Sendgrid. Original document can be found here: https://sendgrid.com/docs/glossary/spf/
SPF and sender authentication
If you have an SPF record set for your root domain (i.e. yourdomain.com), you must add
include:sendgrid.net before the all mechanism of this record. If you do not have an SPF record for your domain you must create a TXT record with the value:
v=spf1 include:sendgrid.net ~all
Do not create more than one SPF1 record for a given domain. If you need more than one SPF record, you will want to merge the additional SPF records into a single SPF record.
Already have an SPF record for your domain?
No problem. You simply need to add the SendGrid include mechanism lookup into your existing record.
For example, if your record looks like this:
v=spf1 a mx include:_spf.google.com include:spf.protection.outlook.com ~all
You would just need to add our lookup at the end of the string, before the
~all mechanism, like so:
v=spf1 a mx include:_spf.google.com include:spf.protection.outlook.com include:sendgrid.net ~all
Don't want to include another hostname lookup?
If you would rather not include SendGrid's SPF hostname lookup in your record, or perhaps you just have too many already, you can also choose to give permission to a specific IP address to send mail for your domain. This is accomplished using the ip4 mechanism.
You can choose to specify our dedicated IP address as a lookup, meaning that only mail coming from the particular IP address owned by Dropsolid will be considered a permitted sender within SendGrid for that domain. An example of such an include looks like this:
v=spf1 a mx include:_spf.google.com include:spf.protection.outlook.com ip4:220.127.116.11 ~all
For more information on SPF best practices and syntax, check out www.openspf.org
3rd Party Tools
These are some tools that might be useful to you. We do not own or support these tools, so use them at your own risk. However, we hope that they are helpful.
There is an experimental tool called the dmarcian SPF Record Flattener, which should be considered experimental. From their site: "[this tool] rewrites this record by removing duplicate netblocks, collapsing any overlapping netblocks, and using 0 DNS-querying mechanisms/modifiers."
If you choose to use this functionality, we suggest that you test it extensively to make sure that your customers will receive your emails and their servers can look up your records properly.
The SPF Wizard is a browser based SPF record generation tool. Fill out the form and the site generates an SPF record for you.