
Configuring SPF records for domains on Cloud Platform


EOL notice! Legacy Email support will reach end-of-life on February 1, 2022. For more information, see Legacy Email Retirement FAQ. To begin configuring Platform Email Service for your application, see Configuring a domain.

The Sender Policy Framework (SPF) is an open standard which specifies a technical method for preventing sender address forgery. The current version of SPF (also called SPFv1 or SPF Classic) protects the envelope sender address used for the delivery of messages.

SPFv1 allows domain owners to specify their email sending policy. For example, you can specify the email infrastructure you want to use to send emails from your domain. This technology requires action on both sides of the email exchange. For example, when a domain owner publishes information in an SPF record in the domain’s DNS zone, and someone’s email infrastructure receives a message claiming to come from the domain, the receiving infrastructure can determine if the message complies with the domain’s stated policy. If the message comes from an unknown infrastructure, it can be considered a fake.

If you receive a Sender address rejected message, it may indicate there are missing or incorrect SPF records. For help with resolving other email issues, see Troubleshooting Drupal email issues.

Domain registrars require a TXT entry for your SPF record. In this case, you must add Acquia’s SPF entry to your TXT record as shown in the following example:

If your SPF record looks similar to the following:

v=spf1 -all

The resulting TXT record would be:

v=spf1 -all

All SPF data for a domain must exist in the same TXT record. Adding several TXT records with differing SPF data may have unexpected results.

Based on the structure of an SPF record, the SPF rule will execute as follows:

  1. Check Acquia’s defined SPF records for mail infrastructure and allow them
  2. Check Google’s defined SPF records for mail infrastructure and allow them
  3. Deny all others

This configuration states that you have authorized the listed domains (Acquia and Google) to send email on your behalf. Directions for updating your record will vary depending on your DNS provider. Here are links to specific instructions for Network Solutions, GoDaddy, and EasyDNS.
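The merge and evaluation order described above can be checked before you edit DNS. The following is an added example, not Acquia's code: it merges a provider's include into the domain's one SPF record, rejects the multiple-record case, and lists the order in which receivers test the mechanisms. The function names and both include hosts (_spf.mail-a.example, _spf.mail-b.example) are placeholders, and the "-all" default for a domain with no SPF record yet is an assumption.

```python
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_records(txt_records):
    """Return only the TXT strings that are SPF records (they start with v=spf1)."""
    return [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]

def merge_include(txt_records, include_host):
    """Return the domain's single SPF record with include:<include_host> added."""
    found = spf_records(txt_records)
    if len(found) > 1:
        # More than one SPF record is a permanent error for receivers (RFC 7208, 4.5)
        raise ValueError(f"{len(found)} SPF records published; merge them into one")
    # Assumed default when the domain has no SPF record yet: deny all others
    terms = found[0].split() if found else ["v=spf1", "-all"]
    wanted = f"include:{include_host}"
    if wanted.lower() not in (t.lower().lstrip("+") for t in terms):
        terms.insert(1, wanted)  # right after the version tag, so it precedes "all"
    return " ".join(terms)

def evaluation_order(record):
    """List (result if matched, mechanism) in the left-to-right order receivers test."""
    steps = []
    for term in record.split()[1:]:
        if "=" in term.split(":")[0]:
            continue  # modifier such as redirect=, not a mechanism
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        steps.append((QUALIFIERS[qualifier], term.lstrip("+-~?")))
    return steps

# Constructed sample TXT records; both include hosts are placeholders.
SAMPLE_TXT = [
    "site-verification=constructed-token",
    "v=spf1 include:_spf.mail-b.example -all",
]

if __name__ == "__main__":
    merged = merge_include(SAMPLE_TXT, "_spf.mail-a.example")
    print(merged)
    for result, mechanism in evaluation_order(merged):
        print(f"{mechanism}: {result} if matched")
```

Pass the TXT strings your DNS provider currently shows for the domain, and publish the returned string as the only SPF TXT record.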


Acquia doesn’t support allowlisting of its mail infrastructure IP addresses. These IP addresses can change at any time. Acquia supports only SPF allowlisting.

If you’re not sure if your SPF records are correct, you can validate your records using an online SPF record testing tool.

Sending DMARC-compliant emails

If your application must send emails that comply with Domain-based Message Authentication, Reporting and Conformance (DMARC), Acquia recommends you send the emails using a third-party email service.