Explain SPF like I’m 12

How to have someone else’s server send your emails?

Say, you have just registered your own domain name: “myawesomedomain.com”, and a geek friend of yours says “hey pal, you’ll need to pay someone, or set up your own server, to send emails out from that awesome domain. Lemme do it for you!”

If you have a friend like that, keep them for life.

Now, jokes aside, how would you go about that? At this point, your geek friend should have given you an IP address (or, more usually, a domain name) of a server from which your emails will actually be sent out. You need this value to update your own domain’s DNS settings so that your friend’s server can send emails out for your domain (more on this later). Of course, the actual recipient will know that it’s you, sending from “myawesomedomain.com”, but behind the scenes, it’s your friend’s server doing all the hard work of sending those emails for you. You never had to purchase or set up any server yourself. All you ever bought was the domain “myawesomedomain.com”. Almost a free lunch, eh?

In the physical world, this scenario is akin to you asking your friend to hold the envelope with your letter inside, go to the post office, and push it into the mailbox there for you. Thus, you may want to tell the world “Hey, this person takes my mail to the post office for me so I can stay home and watch Netflix. If you ever get a letter from me, know that I trust this person not to meddle with the letter, and you should, too.”

Likewise, in the digital world, you need to let the public internet know that your friend’s server is responsible for sending your emails. You trust your friend’s server, and everyone needs to respect your trust. By “everyone”, I mean the Internet Service Providers around the world, the Email Service Providers where your recipients created their email accounts (Google, Yahoo, etc.), and everything in between. If you don’t let “everyone” know that you trust your friend’s server, “everyone” will likely mark the email (if it can even reach your recipient’s inbox) as spam.

This “trusting” action, in the digital world, is carried out through something called “SPF” – Sender Policy Framework.

An email that advertises itself as coming from domain “A.com” but is actually sent from a server sitting at domain “B.com” is highly likely to be marked as spam (or not reach its destination at all) without (at least) an appropriate SPF setup.

Setting up SPF is relatively easy. With a tiny bit of technical know-how, you can create a TXT record on your domain with a certain value conforming to a well-defined syntax. Take, for example, a setting like the one illustrated below:

Creating a TXT record for “myawesomedomain.com”. If you’re unfamiliar with managing your domain’s DNS settings, you may ask the service provider (where you purchased your domain) to help you

Remember the domain name your geek friend gave you? It is the text “myfriendsdomain.com” in this example. A setting like the one above allows your friend’s server (whose domain is “myfriendsdomain.com”) to send emails which self-advertise as coming from your domain (“myawesomedomain.com”). Done properly, the emails will arrive in the recipients’ inboxes without being marked as spam!

TL;DR: SPF, or Sender Policy Framework, is a way for you to publicize your trust in someone else’s server to handle the delivery of emails whose “sent from” address has your own domain in it. This way, you don’t need to purchase & set up your own server. Someone else’s server takes care of the email sending process. You only need to set up SPF properly on your own domain so that your emails don’t get marked as spam.

Disclaimer 1: this post only means to explain SPF itself. So, it is beyond the scope of this post to discuss the technical syntax of SPF, or how it all works under the hood. It is also out of scope to explain DKIM and DMARC, which are additional layers of protection and assurance for your emails to be delivered safely and properly & with an even better chance of NOT being marked as spam.

Disclaimer 2: this post uses terms such as “friend’s” and “someone else’s”, and broadcasts a sense of “free lunch” all over the place, but in practice, we often have to pay for this service. In other words: either we pay to have our own server set up to send our emails out properly, or we pay a professional service to do that for us.

Photo by Joanna Kosinska on Unsplash
