SPF Record Set-up: What to include for IPv4 and IPv6 records?

Hi!

I am working on setting up my SPF record but I need some help on what to include for my IPv4 and IPv6 records.

I use Google Workspace as my main email provider, but I also use ActiveCampaign for newsletters (which sometimes go to spam) and a client management system that is linked up to deliver emails from my main domain but is having a deliverability issue, hence why I’m here.

When I test sending from the client management system I get this error: “Unknown SPF issue. SPF is defined and the syntax is correct, but an unknown error is occurring.”

Regarding the SPF record, I use the same domain for all 3 services. So would I need to find and include the IPv4 and IPv6 records for all of the applications or just for Google?

If just for Google, I can’t find those numbers. Only this line of text:

v=spf1 include:_spf.google.com ~all

Lastly this may be a dumb question but I’m questioning my intelligence at this point: The domains I want included in this record… just my main one, right?

I’ve been Google’ing this for longer than I’d like to admit and have a million tabs open. Please help!

And THANK YOU in advance!

Welcome to the Cloudflare Community. :logodrop:

Email is a far more complicated topic than many think it is. Don’t question your intelligence. :wink:

Unless you already use dedicated email subdomains for specific purposes, let’s table that conversation for now.

No. While your record will contain those values, you aren’t going to be directly referencing them. You will use the include: mechanism.

You can only have one SPF record at any particular label. Let’s focus on your main domain, example.com and its Google Workspace mail. What you have is shown is a good starting point. You can merge elements from other templates into it as needed. Just be sure that you do not exceed 10 DNS lookups or the SPF record will not work.

Assuming that one of your ESPs is example.net and has their customer SPF record at client.example.net, you could merge it into your existing SPF as follows:

v=spf1 include:_spf.google.com ~all
becomes
v=spf1 include:_spf.google.com include:client.example.net ~all

I recommend the free SPF Surveyor tool that dmarcian offers.

They also have reference site for the SPF and DKIM capabilities of various email service providers.

2 Likes

THANK YOU SO MUCH!!

Your reply was super helpful and I am bookmarking it for future reference!

Because I love closure I wanted to let you know what happened :point_down:

I tested my domain using the dmarcian link you sent (thanks again!) and it confirmed something was off.

Looking at my DNS I saw I had this S P F record in there: v=spf1 include:dc-aa8e722993._spfm.mydomain.com ~all

I don’t recall ever adding it so I just updated it to v=spf1 include:_spf.google.com ~all

I re-tested using the dmarcian link you sent and it said it was valid!

After re-testing my client management system (Honeybook) it said “…the email authentication records on your custom domain are defined.”

For my ESP (ActiveCampaign) I did a bit more Google’ing I found a SKIM + SPF checker from them. Here is the link for anyone that might need it: Authenticate Email with SPF, DKIM, DMARC | ActiveCampaign.

After using the checker to check my domain the results mentioned that their IPs don’t need to be allowlisted because ActiveCampaign manages S PF for users via the user’s Mailserver Domain. (Apparently that was never a concern.)

So all of that is to say that unless you suggest that I need to re-add the include:dc-aa8e722993._spfm.mydomain.com text to my newly updated SPF, I think I am all set!

Regardless, thank you so much again for your help!

1 Like

I am very happy to hear those results. Thanks for coming back to share them along with the additional resources that you found.

Based on the information that you initially provided, you most likely do not need that in your SPF record.

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.