Improve Email Deliverability by Setting Up SPF Records
Thursday, May 25th, 2023Recently, Gmail changed its email acceptance policies to reject emails from sending domains without SPF or DKIM records. If they can’t be sure a message originated from an authorized server, it may end up in the spam folder. Setting up SPF records is one way to improve email deliverability, prevent spoofing, and keep your emails out of the spam folder.
What are SPF Records?
SPF stands for Sender Policy Framework. SPF allows administrators to specify exactly which servers are allowed to send emails on behalf of a domain by adding a record to the domain name settings (DNS). When an email is sent to another service provider, like Gmail, they compare the sender’s IP address to the SPF record. The email will only be delivered to the inbox if the record lists the correct server address. If the server is not listed, the email service provider assumes the message is forged and may send it to spam.
SPF records are primarily used to stop forged emails. Setting up SPF records for your sending IP addresses will prevent spammers from using your domain as their “From” sending address. For example, say your company domain is “trial.com,” and your SPF record correctly identifies your sending server’s IP address. Any messages you send will be verified as coming from your organization and will be delivered. When spammers try to use trial.com as their sending domain, the mail service provider will compare their IP address to your SPF record. When they do not match, the message will be flagged as suspicious.
However, SPF records do not prevent spammers from using other tactics to infiltrate your inbox. They could set up a similar domain like “trail.com” and set up SPF records for that domain to avoid scrutiny. SPF should be used in conjunction with other security measures like DKIM and DMARC to increase deliverability and protect your sending domains.
How to Set Up SPF Records
You must work with the domain owner or administrator to set up an SPF record. First, you need to collect all of the IP addresses that your organization uses to send email. Then, you will need access to your domain settings to add the SPF record. Whoever manages your domain name and web hosting can help you add the record. If you have further questions about how to improve your email deliverability, please don’t hesitate to reach out to the LuxSci support team.
There has been a lot of hype about Google offering a Business Associate Agreement to paid Google Apps customers who must abide by HIPAA regulations. Those who are familiar with Google may be under the incorrect assumption that simply signing up for Google Apps will solve all their HIPAA compliance challenges. This seems to be increasingly less likely as of 
Twice in the past few weeks I have received appointment reminders or scheduling information from doctors via email — via insecure, non-HIPAA-compliant email.
