NucleusCRM ·Tutorials

SPF Verification of your domains

a NucleusCRM Tutorial by TvD last updated 2021/06/30

What is SPF?

SPF stands for "Sender Policy Framework," it is an open standard that enables the owner of a domain to provide a public list of approved senders. The receiving server extracts the domain's SPF record and then checks if the source email server IP is authorized to send emails for that domain. When a message fails SPF, there's no guarantee it will be delivered.

Why is SPF Verification Required?

To successfully send emails through NucleusCRM,  the DNS record of your domain needs to list the IPs of our email servers and our partners; this is to ensure that you are the owner of the domain names used. Please include the following in your Domains' SPF (TXT) record.

Setting up an SPF record

Implementing SPF is simple and only requires a TXT entry in the domain's DNS record. You can only have one SPF record in your DNS record for each SPF version. If you publish multiple SPF records, this will invalidate your SPF record. You should continually update your SPF record rather than entering a new record besides the existing one.

A basic SPF record looks like this: v=spf1 a mx ~all
  • v=spf1This states which version of SPF is being used
  • aThis includes the domain's address record (A or AAAA) as an allowed host.
  • mxThis includes the domain's mail exchanger record (MX) as an allowed host.
  • ~allThis specifies that everything else should be a "Soft" fail. That means that the message should be accepted but tagged as a soft fail, and the receiving mail server can use that as an additional factor in scoring the message's likeliness of being spam. You can replace the ~ with a -, which would indicate that the message should be rejected, which is not recommended.

Adding NucleusCRM SPF Relay

To pass SPF verification, the following SPF Relay needs to be added to your domain's SPF record.
SPF Relay Host spf.nucleuscrm.com
SPF TXT include:spf.nucleuscrm.com

Your domains' SPF TXT record should look similar to the following:
v=spf1 a mx include:spf.nucleuscrm.com ~all

Before processing any outgoing email, your SPF records are re-verified. Domains that fail the SPF verification can not be used to send emails from. You or your administrator will be notified of any SPF changes by email. 
© 2020-2024 NucleusCRM LLC - Cheyenne WY, USA