Quite often, we receive requests from our customers asking us to “fix” their SPF records on their Joomla websites. So, what is an SPF record, and why does a Joomla website need it?
An SPF (SPF stands for Sender Policy Framework) record is a DNS entry that will tell other mail servers which IP (or range of IPs) is (are) allowed to send an email pertaining to your domain. Yes, we know, this statement might sound a bit too technical, so let us give you an example…
The SPF record of itoctopus.com is currently the following:
v=spf1 +a +mx +ip4:173.199.145.148 +ip4:173.199.145.150 -all
The SPF record above tells the world that only the following IPs are allowed to send an email originating from itoctopus.com:
- 173.199.145.148
- 173.199.145.150
Now, you might be wondering, why is that necessary?
Well, the main reason behind SPF is to prevent spoofing. Email spoofing is when a spammer sends an email that looks like it’s sent from a certain domain (because of the headers and the from address), while, in reality, it’s not.
But why should someone care about email spoofing?
Imagine that a spammer sends every day thousands of emails that appear to be incoming from your domain. Sooner or later, your domain will be blacklisted and all the emails that are sent from your domain, even the legitimate ones, will end up either blocked or in the Junk E-mail folder that no one usually reads. In other words, the majority of your customers will no longer be able to receive any of your emails, whether these emails are sent from your Joomla website (for example, purchase confirmation emails, newsletters, reminders, etc…) or by you directly! Ouch!
So, how does SPF really work and how does it help prevent spoofing?
As explained earlier in this post, an SPF record explicitly specifies which IPs are allowed to send emails on your domain’s behalf. So, mail servers receiving emails from your domain will check whether the IP of the sending server exists in your SPF record. If it does, then it’ll redirect the email to the proper recipient, if it doesn’t, then it’ll reject the email (some servers will tell you that your email was rejected, others will just ignore it). In a best case scenario, the email will be tagged by the mail server with [SPF] and mail clients will automatically place it in the Junk folder.
As you can see, the existence of an SPF record ensures that mail servers will only accept legitimate messages from your domain, which means that illegitimate messages will no longer affect the reputation of your domain!
Will it hurt if the domain doesn’t have an SPF record?
Not having an SPF record won’t hurt until a spammer starts sending emails that appear to be originating from your domain. This is when an SPF becomes an absolute necessity to ensure that your emails reach your audience – or else, you will be forced to use free alternatives (such as gmail and the likes) to reach up to your clientele, which is not professional.
But what if the Joomla website doesn’t send any emails, is an SPF record still a necessity?
If the Joomla website doesn’t send emails, and if you don’t have any email accounts for that Joomla website, then it’s not really a necessity, but we recommend that you do it. Creating an SPF record is not that hard as you’ll see below.
How to check if a domain has an SPF record?
There are many online tools (some are commercial and some are free) that will list the SPF record of any domain (assuming, of course, that domain has an SPF record). Just Google spf record check and see what you’ll get. Alternatively, you can call your hosting provider and ask them whether your domain has an SPF record or not.
Can the SPF record added through Joomla’s backend?
No – it can’t. The SPF record is a DNS entry that cannot be added through your Joomla website’s backend.
So, how and where can the SPF record be added?
The answer depends on your hosting environment since the process substantially differs from one environment to the other. For example, if you’re using cPanel, then you can add an SPF record the following way:
- Login to your cPanel account for your Joomla website.
-
Click on Email Authentication.
-
Ensure that the SPF status is Status: Enabled & Active (DNS Check Passed) . If it’s not, then click on the Enable button just under SPF.
-
In the Additional Ip blocks for your domains (IP4) field, add the IPs that are allowed to send emails for your domain.
-
Click on Update.
-
That’s it!
If you’re using Plesk or another environment, then it’s better to have a system administrator do it for you (we can also do it for you!), since it can get a bit complicated and it can take some time.
Note that adding an SPF record is technically a DNS change, and, as such, it might take up to 48 hours to take effect because that change needs to propagate across servers worldwide. If you want it to take effect in a shorter period, then try lowering the TTL to something like 300 – which is the minimum (ask your hosting provider to do this for you if you don’t know how to do it).
Should the SPF record change when the domain’s IP change?
If the mail server’s IP changes as well (which is most likely the case), then yes, definitely, the SPF record should be updated to reflect the new IP (or ranges of IPs) that is (are) allowed to send emails from your domain.
We hope that this post on SPF records was helpful. We tried to put everything in layman’s terms because we know that the majority of Joomla website owners/administrators are not technical. Now, if you read the above and you feel you need help setting up (or fixing) an SPF record on your Joomla website, then do not hesitate to contact us immediately! We are friendly, we are very experienced in Joomla, we don’t charge much, our work is very clean, and we are super fast!