Configure SPF

Sender Policy Framework (SPF) is used by email receivers to detect email spoofing. Using SPF, an email receiver can check if the Internet Protocol (IP) is explicitly authorized to send for that domain. SPF is implemented by publishing a special TXT record to a domain's DNS records. The TXT record declares which hosts are allowed to send mail on behalf of this domain. Receiving mail servers check the SPF records of sending domains to verify that the email's source IP address is authorized to send from that domain. Without SPF, a spam or phishing email can be “spoofed” to appear that the email comes from a legitimate domain. Domains that implement SPF are much more likely to block emails attempting to spoof your domain. For an overview of how SPF works, see Sender Policy Framework. For details on SPF record syntax, see SPF Record Syntax.

The Approved Senders section within the Console provides validation of an SPF record for each of your approved senders. SPF is required for subdomains of and recommended in other cases.

Using the Console

To configure SPF:

  1. Open the navigation menu and click Developer Services. Under Application Integration, click Email Delivery. In the Resources menu, click Approved senders.
  2. Select the checkbox for the approved sender you want to view SPF details for and click View SPF.

    You can search for an approved sender by using the Search field. Addresses can be sorted alphanumerically or by creation date in ascending or descending order.
  3. The Manage SPF dialog box appears indicating whether an SPF record for the approved sender exists.

    If your domain does not currently have an SPF record, the information necessary to add an SPF record in your DNS setup is displayed. See Managing DNS Service Zones for instructions on adding a zone record in Oracle Cloud Infrastructure. If your DNS setup resides with another provider, please reference their documentation for adding a TXT record to your domain.

    • In your DNS setup, create a TXT record and paste the following information into the record based on the sending region:

      Sending Region SPF Record
      Americas v=spf1 ~all
      Asia/Pacific v=spf1 ~all
      Europe v=spf1 ~all
      All Commercial Regions v=spf1 ~all
      Government Regions
    • If your domain currently has an SPF DNS record, you must update your record in order to successfully use Email Delivery.

    • The following is an example of a command used to view an SPF record:

      dig -t TXT +short
      Example output:
      "v=spf1 ip4: -all"
    • If you're using other email providers in addition to Email Delivery, you'll need to combine the include statements from your other providers with Email Delivery.