All Collections
How To...
Setup SPF Records For User Emails Sent From iCAT Cloud
Setup SPF Records For User Emails Sent From iCAT Cloud
Support MD avatar
Written by Support MD
Updated over a week ago

The iCAT Cloud outgoing notification email will be sent with the “From” address you setup in your iCAT account “System Settings”. To help prevent other email server from seeing your emails as spam you will need to setup a proper DNS TXT SPF record

Setting the SPF Record

Sender Policy Framework (SPF) is an open standard aimed at preventing sender address forgery. This article describes how the SPF is configured for use with iCAT Cloud outgoing emails.

SPF uses the value in the Return-Path header for the DNS lookup to determine the permitted senders for the domain.

If you have an SPF record set for your root domain (i.e. example.com), you must add include:_spf.icatsoftware.com before the all selector of this record. If you do not have an SPF record for your domain you must create a TXT record with the value:

v=spf1 include:_spf.icatsoftware.com ~all

Note: An SPF1 record is invalid if you have more than one SPF1 record for a given domain. In this case you will want to merge the additional SPF records into one SPF record:

Example:

v=spf1 ip4:67.206.104.19 ~all

v=spf1 include:_spf.icatsoftware.com ~all

The above text will cause the SPF check to fail because there are multiple records. Instead, add the mail server's IP address just before the ~all argument using the format ip4:address or ip6:address to add the server to your existing SPF record:

v=spf1 ip4:67.206.104.19 include:_spf.icatsoftware.com ~all

Note: You also cannot have more than 10 DNS lookups in your SPF record:

Many people may not realize it, but the Sender Policy Framework (SPF) specification has a limit on the number of DNS lookups (10) required to fully resolve an SPF record. One typically quickly exceeds this limit through the reckless use of the include modifier.

Section 10.1, "Processing Limits" of the SPF RFC specifies the following in regards to DNS lookups:

“SPF implementations MUST limit the number of mechanisms and modifiers that do DNS lookups to at most 10 per SPF check, including any lookups caused by the use of the "include" mechanism or the "redirect" modifier. If this number is exceeded during a check, a PermError MUST be returned. The "include", "a", "mx", "ptr", and "exists" mechanisms as well as the "redirect" modifier do count against this limit. The "all", "ip4", and "ip6" mechanisms do not require DNS lookups and therefore do not count against this limit. The "exp" modifier does not count against this limit because the DNS lookup to fetch the explanation string occurs after the SPF record has been evaluated.”

This limit is in place to prevent SPF lookups from being a useful avenue for Denial of Service attacks.

Is your SPF record validating? You might want to find out here:http://www.kitterman.com/spf/validate.html

For more details on the SPF format, seeSender Policy Framework.

Keep in mind that changes to DNS records may take up to 48 hours to propagate throughout the Internet. If you have difficulty creating an SPF record, contact your domain provider for assistance.

Did this answer your question?