Information for: DEVELOPERS   PARTNERS

Configuring SPF records for domains on Cloud Platform

The Sender Policy Framework (SPF) is an open standard which specifies a technical method for preventing sender address forgery. The current version of SPF (also called SPFv1 or SPF Classic) protects the envelope sender address used for the delivery of messages.

SPFv1 allows domain owners to specify their email sending policy. For instance, you can specify the email servers you want to use to send emails from your domain. This technology requires action on both sides of the email exchange. For example, when a domain owner publishes information in an SPF record in the domain’s DNS zone, and someone’s email server receives a message claiming to come from th domain, the receiving server can determine if the message complies with the domain’s stated policy. If the message comes from an unknown server, it can be considered a fake.

If you receive a Sender address rejected message, it may indicate there are missing or incorrect SPF records. For help with resolving other email issues, see Troubleshooting Drupal email issues.

Domain registrars require a TXT entry for your SPF record. In this case, you must add Acquia’s SPF entry to your TXT record as shown in the following example:

include:_spf.acquia.com

If your SPF record looks similar to the following:

v=spf1 include:_spf.google.com -all

The resulting TXT record would be:

v=spf1 include:_spf.acquia.com include:_spf.google.com -all

SPF records must all exist on the same TXT record. Adding many TXT records with differing SPF data may have unexpected results.

Based on the structure of an SPF record, the SPF rule will execute as follows:

  1. Check Acquia’s defined SPF records for mail servers and allow them
  2. Check Google’s defined SPF records for mail servers and allow them
  3. Deny all others

The configuration says you authorized the domains (Acquia and Google) to send an email on your behalf. Directions for updating your record will vary depending on your DNS provider. Here are links to specific instructions for Network Solutions, GoDaddy, and EasyDNS.

Note

Acquia doesn’t support whitelisting of its mail server IP addresses. These IP addresses can change at any time. Acquia supports only SPF whitelisting.

If you’re not sure if your SPF records are correct, you can validate your records using an online SPF record testing tool.

Sending DMARC-compliant emails

If your application must send Domain-based Message Authentication, Reporting and Conformance (DMARC-compliant) emails, Acquia recommends you send the emails using a third-party email service.