
Configuring SPF records for domains on Acquia Cloud

The Sender Policy Framework (SPF) is an open standard which specifies a technical method to prevent sender address forgery. More precisely, the current version of SPF (called SPFv1 or SPF Classic) protects the envelope sender address used for the delivery of messages.

SPFv1 allows domain owners to specify their email sending policy; for example, which email servers they use to send email from their domain. The technology requires actions on both sides of the email exchange: the domain owner publishes the information in an SPF record in the domain’s DNS zone, and when someone else’s email server receives a message claiming to come from that domain, the receiving server can determine if the message complies with the domain’s stated policy. For example, if the message comes from an unknown server, it can be considered a fake.

If you are receiving the message Sender address rejected, this is often caused by missing or incorrect SPF records. For assistance with resolving other email issues, see the Troubleshooting Drupal email issues Knowledge Base article.

Some domain registrars require a TXT entry for your SPF record. In this case, you must add all of the Acquia mail servers as one TXT record, rather than creating a separate entry for each of the servers. Enter the complete SPF rule as the TXT value, rather than putting only the domain name in a text field. The following example demonstrates the recommended format:

v=spf1 mx include:_spf.acquia.com -all

Based on the structure of an SPF record, the rule will execute as follows:

  1. Allows the mail servers listed in the host domain's MX records
  2. Checks Acquia’s defined SPF records for mail servers and allows them
  3. Denies all others

This configuration states that you have authorized the listed domains (in this case, Acquia) to send email on your behalf. Directions for updating your record will vary depending on your DNS provider. Here are links to specific instructions for Network Solutions, GoDaddy, and EasyDNS.

Note

Acquia does not support whitelisting of its mail server IP addresses. These IP addresses can change at any time. Acquia supports only SPF whitelisting.

The recommended snippet also rejects all non-Acquia domains. If your own domain already has SPF entries for other senders, they also need to be added to the record to ensure outgoing mail is handled correctly. For example, Google Apps Business users may need to use the following record:

v=spf1 include:_spf.acquia.com include:_spf.google.com -all

All SPF entries must exist in the same TXT record. Adding multiple TXT records with differing SPF data may have unexpected side effects.

If you are not sure if your SPF records are correct, you can validate your records using an online SPF record testing tool.
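The checks described above can also be run locally before you publish a change. The following is an added example, not Acquia's code: it lints a list of TXT record strings for a single v=spf1 record, the include:_spf.acquia.com entry, and the -all ending. It also goes slightly beyond the page by counting terms that trigger DNS queries against the RFC 7208 limit of 10. The function names and sample records are constructed for illustration.

```python
import re

REQUIRED_INCLUDE = "include:_spf.acquia.com"  # taken from the page's examples
LOOKUP_LIMIT = 10  # RFC 7208 limit on DNS-querying terms per SPF evaluation
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def is_spf(txt):
    """True if a TXT string is an SPF record (version tag 'v=spf1')."""
    return txt.strip().lower().split(" ", 1)[0] == "v=spf1"


def lint_spf(txt_records, required_include=REQUIRED_INCLUDE):
    """Return a list of problems in a domain's TXT records (empty list = OK).

    Each item of txt_records is one TXT record with its strings already joined.
    """
    spf = [r.strip() for r in txt_records if is_spf(r)]
    if not spf:
        return ["no SPF record published"]
    problems = []
    if len(spf) > 1:
        # Receivers treat more than one v=spf1 record as a permanent error.
        problems.append(f"{len(spf)} SPF records found; merge into one TXT record")
    for record in spf:
        terms = [t.lstrip("+") for t in record.lower().split()[1:]]
        if required_include not in terms:
            problems.append(f"missing {required_include}: {record}")
        # Assumption: the page's recommended -all ending is treated as required.
        if not terms or terms[-1] != "-all":
            problems.append(f"does not end in -all: {record}")
        # Counts this record's own terms only; nested includes need live DNS.
        lookups = sum(re.split(r"[:/=]", t.lstrip("-~?"))[0] in LOOKUP_TERMS
                      for t in terms)
        if lookups > LOOKUP_LIMIT:
            problems.append(f"{lookups} DNS-querying terms (limit {LOOKUP_LIMIT}): {record}")
    return problems


# Constructed sample zones (not real DNS answers).
SAMPLES = {
    "recommended": ["v=spf1 mx include:_spf.acquia.com -all"],
    "with-google": ["google-site-verification=constructed",
                    "v=spf1 include:_spf.acquia.com include:_spf.google.com -all"],
    "split": ["v=spf1 include:_spf.acquia.com -all",
              "v=spf1 include:_spf.google.com -all"],
}

if __name__ == "__main__":
    for name, records in SAMPLES.items():
        print(name, lint_spf(records) or "OK")
```

Feed it the TXT values exactly as your DNS provider shows them; the "split" sample is the multiple-record case that the paragraph above warns about.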

Sending DMARC-compliant emails

If your application must send DMARC-compliant (Domain-based Message Authentication, Reporting and Conformance) emails, Acquia recommends sending email by using a third-party email service.