Articles in this section

SPF entry Configuration, Setup, and Verification

Updated

For the Email Signature Server to work without issues, the SPF entry on the DNS records must be configured.

  Prerequisites

  • Templafy Email Signature Server.

Requirements

  • If an email sent by xxx@domain.com goes through the mail flow rule, the domain needs the SPF record.
  • Always use inclusion rules for mail flow.
  • When a new domain is added to the Exchange subscription it needs first get its SPF set before adding it to ESS mail flow rule inclusion list.

Templafy-Hosted Implementations

The IP list is automatically handled and managed by the deployment. All IPs for a cluster are included in one DNS entry.

Based on the region, add the SPF entry of each email sending domain's DNS record.

  • APAC/Australia based cluster: include:essaue0.templafy-ess.com.
  • EMEA/Europe based cluster: include:essprod0.templafy-ess.com.
  • NA/USA based cluster: include:essuse0.templafy-ess.com.

Client-Hosted Implementations

Depending on the implementation, you can choose either the Load Balancer IP or DNS-based SPF record. To create a DNS-based record add a TXT record in your DNS zone.

Name: any name that would help you identify the SPF entry. E.g. templafy 
Type: TXT TTL: 3600 
Value: v=spf1 ip4:123.456.7.89 ~all -> replace IP with the real one.

Validation

SPF validation is required. A good tool for validating it is https://www.spf-record.com/spf-lookup.

Troubleshooting

SPF entry max length

The SPF can have at most 255 characters. For cases in which the length is exceeded, the entry needs to be split into multiple valid SPF strings.

"v=spf1 ip4:123.......... ... ip4:123... include:essprod0.templafy-emailsignatureserver.com" => 260 characters.
Then, the SPF checkers will automatically split after 255 characters, resulting in:
"v=spf1 ip4:123.......... ... include:essprod0.templafy-emailsignatu" "reserver.com"
This would break the entry for our SPF record. 

Correct approach:
"v=spf1 ip4:123.......... ... ip4:123..." " include:essprod0.templafy-emailsignatureserver.com" 240 characters + the rest Split before the definition starts.

Too many lookups

SPF can perform at most 10 recursive lookups. Even though our SPF entry requires only one, the SPF verification process might fail on another SPF entry. As the validation is done in the order they are written, we recommend always having the mail sending sensitive SPF records first: Templafy and Outlook.

Related to

kubernetes Graph API tech_role
Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.