You’re probably familiar with spam and phishing emails. You think you’re receiving a message from your bank, for example, but it turns out to be a forgery. Email address spoofing is possible because the email protocol doesn’t typically check whether the person sending the email is authorized to do so on behalf of the sender (the domain). To prevent this, we use SPF and DKIM records.
What is an SPF record exactly?
SPF stands for Sender Policy Framework. It defines which servers are authorized to send emails on behalf of a domain name. The receiving server can then decide, based on the SPF record, whether to allow the email, mark it as unsafe, or reject it entirely.
What is a DKIM record exactly?
DKIM (DomainKeys Identified Mail) is an email security standard designed to ensure that messages are not altered during transmission between sending and receiving servers. It uses public key cryptography to sign the email with a private key when it leaves the sending server.
Why SPF and DKIM?
HROffice is continuously working to strengthen security across all areas. That’s why we are introducing IPv6 for our SMTP server’s SPF and higher encryption for our DKIM. To ensure that emails sent through HROffice don’t land in the spam folder of your candidates and/or colleagues, HROffice recommends adjusting or adding our SPF and DKIM records to your DNS records.
How can you implement DKIM?
To implement DKIM, please let us know first, because some settings need to be adjusted on our side as well. Please contact our support department at [email protected] or call 023 553 0359. We include this as a standard when implementing a new 'working at' website.
How can I add HROffice’s SPF records to my DNS?
We offer two options for this:
1. Add the following to your SPF record:
include:smtp.hroffice.eu
2. Add the following to your SPF record:
ip4:84.241.182.106 ip6:2001:1690:2:416::167
The “Include” method (option 1) is our preferred choice, but if you’ve already exceeded the SPF lookup limit, you can either extend them (see here for how) or replace them by including the IP4 and IP6.
How can I add HROffice’s DKIM records to my DNS?
You’ll need to add the following records to your DNS and inform HROffice so we can activate them on our SMTP server.
Name | Type | Content | TTL |
adver1._domainkey | CNAME | dkim1.hroffice.eu. | 3600 |
adver2._domainkey | CNAME | dkim2.hroffice.eu. | 3600 |
Note: The period after “dkim1.hroffice.eu.” is very important!
Creating your own SPF record
You can assemble an SPF record with the following components. If you're not sure how to do this yourself, there are useful websites where you can generate an SPF record by simply filling in a few details.
The components of an SPF record
An SPF record consists of several components, each serving a different purpose:
v=spf1
: This defines that the record is an SPF record. Every SPF record begins with this.
a
: This defines that emails may be sent from all A records in the DNS.
mx
: This defines that emails may be sent from the servers configured as receiving servers.
a:domein.nl
: This defines that emails may be sent by the server behind the A record of ‘domein.nl’.
mx:domein.nl
: This defines that emails may be sent by the server behind the MX record of ‘domein.nl’.
ip4:84.241.182.106
: This defines that emails may be sent from the server behind the IPv4 address ‘84.241.182.106’.
For HROffice Recruitment, the following details apply:
ip4:84.241.182.106
ip6:2001:1690:2:416::167
include:domein.nl
: This defines that the SPF record of ‘domein.nl’ should be used for your own domain. For HROffice, you can add include:smtp.hroffice.eu.
At the end of the record, you can specify whether to set a SOFTFAIL or a DENY.
~all
: Softfail. If an email is sent from a host or IP not in the SPF record, the message is allowed but may be marked.
-all
: Deny. If an email is sent from a host or IP not in the SPF record, it will be rejected by the receiving server.
A final SPF record might look like: “v=spf1 mx a ip4:84.241.182.106 ~all”.
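The two HROffice options described earlier and the record components listed above, combined in an added example (not HROffice's own code): a Python sketch that adds HROffice to an existing SPF record, using the include when the record has room under the lookup limit and the ip4/ip6 entries otherwise. It assumes the limit of 10 DNS-querying terms from RFC 7208 and counts only the terms in the record itself; the function names and sample records are constructed for illustration.

```python
# Added example (not HROffice's code): add HROffice to an existing SPF record.
LOOKUP_LIMIT = 10  # RFC 7208: max DNS-querying terms per SPF evaluation
HR_INCLUDE = "include:smtp.hroffice.eu"                     # option 1
HR_IPS = ["ip4:84.241.182.106", "ip6:2001:1690:2:416::167"]  # option 2


def _bare(term):
    """Term without its qualifier (+ - ~ ?), lower-cased."""
    return term.lstrip("+-~?").lower()


def _needs_lookup(term):
    t = _bare(term)
    name = t.split(":", 1)[0].split("/", 1)[0]
    return name in ("a", "mx", "ptr", "include", "exists") or t.startswith("redirect=")


def count_lookups(record):
    """Count DNS-querying terms in this record only. Assumption: lookups
    hidden inside nested includes are not followed (that needs live DNS)."""
    return sum(_needs_lookup(t) for t in record.split()[1:])


def add_hroffice(record):
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: it must begin with v=spf1")
    body = terms[1:]
    present = {_bare(t) for t in body}
    if HR_INCLUDE in present or all(ip in present for ip in HR_IPS):
        return record  # HROffice is already authorised
    if count_lookups(record) < LOOKUP_LIMIT:
        new = [HR_INCLUDE]  # the include costs one more lookup
    else:
        new = [ip for ip in HR_IPS if ip not in present]  # no lookup cost
    # Mechanisms are evaluated left to right: insert before the "all" term.
    idx = next((i for i, t in enumerate(body) if _bare(t) == "all"), len(body))
    return " ".join(["v=spf1"] + body[:idx] + new + body[idx:])


if __name__ == "__main__":
    # Constructed sample records, for illustration only.
    small = "v=spf1 mx a ~all"
    full = "v=spf1 " + " ".join(f"include:spf{i}.example.net" for i in range(10)) + " -all"
    print(add_hroffice(small))
    print(add_hroffice(full))
```

A record that passes this count can still exceed the limit at the receiving server if its includes trigger further lookups, so check the published record with an SPF validation tool after changing it.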
Adding your SPF record to DNS
After creating your SPF record, you’ll need to add it to your DNS. In your DNS overview for the domain, create a new TXT record. In the left input field, enter the hostname for which the SPF record should be active (usually the domain name itself, so it’s typically left blank). In the right input field, enter the full SPF record from ‘v=spf1’ to ‘all’, without quotes.
Will all my emails always arrive properly with the SPF record?
No. While the SPF record can help your email reach its destination, there are still many other factors that might cause the email to be flagged as spam, for example if your email contains spam-sensitive words or characters.
Do you have any questions? Feel free to send us a chat message (via the chat option at the bottom right of your screen), or email or call us.
Our contact details are:
Email: [email protected] Phone: +31 23-553 03 59
We are here to help!
Kind regards,
The HROffice Recruitment Team