Example 1:
Assume every outbound email goes through your email server. In that case, your SPF record will look like:
v=spf1 mx ~all
Example 2:
Assume you have a third-party company that sends outbound emails on your behalf and their public IP address is
201.202.203.204. In that case, your SPF record will look like:
v=spf1 mx ip4:201.202.203.204/32 ~all
Example 3:
Taking the above examples one step further, assume you have outsourced your HR department to another company that also uses SPF and can send emails on your behalf.
The domain name of that company is friendlyHR.com. In that case, the SPF record will become:
v=spf1 mx ip4:201.202.203.204/32 include:friendlyhr.com ~all
Notice the ending
~all at the end of each record. This means a SOFTFAIL. An alternative approach is to use a
-all, which
indicates a FAIL. Receiving server will most likely reject any incoming message that fails an SPF test and see a
-all in the SPF
record. Further analysis will be performed when a
~all is used before considering it a forged message.
