Bluehost Web Hosting Help

SPF Records - VPS Dedicated

SPF Records (VPS & Dedicated)

Protect your email reputation and combat email spoofing by setting up a Sender Policy Framework (SPF) record. It's a type of DNS record that notifies the recipient's mail host which mail servers are authorized to send email from your domain name, making it much more difficult for someone to spoof your email address trying to impersonate you.

This article outlines what you need to know about SPF records and how they can be implemented at Bluehost for VPS and Dedicated hosting. If you are using Shared or Cloud hosting, check out SPF for Shared and Cloud.



Using SPF Records with VPS and Dedicated Hosting

On our VPS and Dedicated hosting plans, email is sent out directly from the server. The default SPF record authorizes the IP address of the VPS or Dedicated server, so each one is different. Here is an example of what the default SPF record would be for a server at 198.51.100.123.

v=spf1 +a +mx +ip4:198.51.100.123 ~all

This record is composed of three parts:

  1. v=spf1 specifies that this is an SPF record.
  2. +a +mx +ip4:198.51.100.123 authorizes sending from the domain's A record, MX record, and ipv4 address 198.51.100.123.
    • This is the part of the record where you can add IP addresses and include SPF rules for other domains.
    • Third-party email marketing tools often require that you update your SPF record to accommodate their servers.
  3. ~all specifies how hosts should regard servers that are not on the list. There are a few modifies you can use here:
    • -all "Hard Fail" means reject all mail that isn't on the allowed list.
    • ~all "Soft fail" means accept mail not on the allowed list, but treat it with more scrutiny.
    • ?all "Neutral" means accept all mail; there isn't a policy for servers not on the list.

Customizing SPF Records

If you're using another host to send email for your domain, customize your SPF record by adding additional servers and IPs to the second part of the record. And if you want to make your record more strict to defend the domain from email spoofing, adjust the policy for "all."

For example, if your domain only used the address 198.51.100.123 for outgoing mail and you want to make the sending policy as strict as possible, you could use this SPF record:

v=spf1 ip4:198.51.100.123 -all

This record authorizes sending mail from 198.51.100.123 only; no other servers authorized.

For a more in-depth look at SPF syntax and mechanisms, see openspf.org.


How to add an SPF Record

SPF records are added to your Zone File as TXT records. Keep in mind that, by default Bluehost adds an SPF record to your zone file for each domain; so if you want to add another record, it's best to delete the default one from inside your cPanel.

  1. Log in to your Bluehost control panel
  2. Go to the Domains menu at the top and click the Zone Editor sub menu.
  3. Select your domain name from the drop-down.
  4. If you're removing an existing SPF record, scroll down to find it in the TXT record section to find it and click Delete.
  5. To add a new SPF record, enter this information under Add DNS Record at the top of the Zone Editor:
    • Name: Type your domain name (without the www)
    • TTL: 14400
    • Type: TXT
    • TXT Value: This is where you would paste in your new SPF record.
  6. Click Add Record.

You're done!


Knowledgebase Article 120,276 views bookmark tags: dedicated email prevent spf spoof spoofing vps


Was this resource helpful?

Did this resolve your issue?


Please add any other comments or suggestions about this content:





Recommended Help Content

How To Setup a DNS SPF (Sender Policy Framework) Record

Sender Policy Framework records, or SPF records are a type of DNS record used to identify which mail servers should be allowed to send email from a certain domain name.

Email Spoofing

Explanation of how to recognize spoof mail and what can be done to prevent it

DNS Management - How To Edit MX Records

I would like to change my MX Record so I can use a mail server with another provider.

Related Help Content

Email not sending from Client or Webmail

Trying to send out emails from multiple email accounts fail from both webmail and third party email clients. Possible Reasons: The maximum emails per hour has been exceeded. This can be caused by forw

Access Mail Logs on Dedicated or VPS Servers

This article will explain how to view the email logs on a Dedicated or VPS server. This may be usefull if you are experiencing trouble with your email.

Restarting Mail Services on Dedicated or VPS Servers

This article will explain how to restart the email related services on a Dedicated or VPS server. This may be useful if you are experiencing trouble with your email.

Clearing the Mail Queue on VPS and Dedicated Servers

This article will explain how to clear the outbound mail queue on a dedicated or VPS server.

Spam and bulk email policy

What is your Spam and bulk email policy?

Domain Dispute Policy

As the registrar, we will assist in the following domain dispute, providing the specific criteria is met. The domain has been moved without the domain owner's consent by means of the password or EPP c

Modifying Name Servers (Registered through Bluehost)

How to modify name servers with bought domain through Bluehost.

VPS or Dedicated Hosting - Using Multiple cPanel Accounts To Set Custom Nameservers

How to setup name servers for multiple cPanel accounts.