Authenticating Email with SPF in Amazon SES
Sender Policy Framework (SPF) is an email validation standard that's designed to prevent email spoofing. Domain owners use SPF to tell email providers which servers are allowed to send email from their domains. SPF is defined in RFC 7208.
To set up SPF, you publish a TXT record to the DNS configuration for your domain. This record contains a list of the servers that you authorize to send email from your domain. When an email provider receives a message from your domain, it checks the DNS records for your domain to make sure that the email was sent from an authorized server.
When you send email through Amazon SES, the messages that you send pass an SPF check by default. Amazon SES specifies a MAIL FROM domain for each message that is a subdomain of amazonses.com, and the sending mail server for the message aligns with this domain.
You can optionally publish your own SPF record. By publishing an SPF record, your email can comply with Domain-based Message Authentication, Reporting and Conformance (DMARC). For more information, see Complying with DMARC.
Adding an SPF Record
To publish an SPF record, you have to add a new TXT record to the DNS configuration for your domain. The procedures for updating DNS records vary depending on which DNS or web hosting provider you use.
The following table includes links to the documentation for several common providers. This list isn't exhaustive, and inclusion in this list isn't an endorsement or recommendation of any company's products or services. If your provider isn't listed in the table, you can probably still publish an SPF record.
DNS/Hosting provider | Documentation link |
---|---|
Amazon Route 53 | Creating Records by Using the Amazon Route 53 Console and Common values |
GoDaddy | Add an SPF record |
DreamHost | How do I add an SPF record? |
Cloudflare | Managing DNS records in Cloudflare |
HostGator | SPF Records |
Namecheap | How do I add TXT/SPF/DKIM/DMARC records for my domain? |
Names.co.uk | Changing your domains DNS Settings |
Wix | Adding or Updating SPF Records in Your Wix Account |
If your domain doesn't have an existing SPF record, publish a TXT record with the following value. The name of the record can be blank or @, depending on your DNS service.
"v=spf1 include:amazonses.com ~all"
SPF records can contain multiple include statements. If your domain already has an SPF record, you can add an include statement for Amazon SES by using the following format:
"v=spf1 include:example.com include:amazonses.com ~all"