How To Setup a DNS SPF (Sender Policy Framework) Record | Bluehost Support
Support

  1. bluehost knowledge base

 

How To Setup a DNS SPF (Sender Policy Framework) Record

By creating a Sender Policy Framework (SPF) record, you can defend your email's reputation and fight spam. This DNS record makes it harder for someone to spoof your email address while attempting to impersonate you by informing the recipient's mail host which mail servers are permitted to deliver email from your domain name.  
 
What you need to know about SPF records and how Bluehost may use them for shared and cloud hosting are covered in this article.

Using SPF Records with Shared and Cloud Hosting

Note: This article explains the split experience between the Rock and Account Manager platforms when setting up DNS SPF Record through the File Manager on your Bluehost account. Please see Account Manager vs. Rock to learn more.

Legacy Accounts

Each host uses its own spam-filtering rules for its incoming mail servers. This means that depending on the rules. One outgoing mail server may be better for delivering mail to host XYZ, while another is better for delivering mail to host ABC. Because we want to keep your delivery rates as high as possible, we use an entire network of servers to send mail so our system can select the mail server best qualified to send a message to its particular destination.  

To make it work, we maintain a list of approved servers and IP addresses in the SPF record of Bluehost.com, which is then included in the default SPF record of every domain on our Shared or Cloud hosting plans. The default record looks like this:

v=spf1 a mx ptr include:bluehost.com ?all

The record is composed of three parts:

  1. v=spf1 identifies the TXT record as an SPF record.
  2. a mx ptr include:bluehost.com specifies an approved list of outgoing servers.
    • If you have a non-Bluehost server, you want to allow sending mail from. This is where you'll add it. It's also where Bluehost's list of approved outgoing servers is included. (include:bluehost.com) 
    • Third-party email marketing tools often require updating your SPF record to accommodate their servers.
  3. ?all specifies how hosts should regard servers not on the list. There are a few modifiers you can use here:
    • -all "Hard Fail" indicates that all mail not on the allowlist is rejected.
    • ~all "Soft Fail" indicates that it accepts mail that is not on the allowlist but handles it carefully.
    • ?all "Neutral" indicates no policy for servers not on the list; it allows all mail. This is the default configuration.

Account Manager and Bluerock Accounts

These accounts do not use unifiedlayer.com proxy IPs as the outgoing email server. Instead, Rock and Account Manager accounts use websitewelcome.com proxy IPs as an outgoing email server. Since email is not sent from unifiedlayer.com proxy IPs, the SPF record must be configured with websitewelcome.com instead of brand-specific URLs. For example:

v=spf1 a mx include:websitewelcome.com ~all

The record is composed of three parts:

  1. v=spf1 identifies the TXT record as an SPF record.
  2. a mx include:websitewelcome.com specifies an approved list of outgoing servers.
    • If you have a non-Bluehost server, you want to allow sending mail from. This is where you'll add it. It's also where Bluehost's list of approved outgoing servers is included. (include:websitewelcome.com)
    • Third-party email marketing tools often require updating your SPF record to accommodate their servers.
  3. ?all specifies how hosts should regard servers that are not on the list. There are a few modifiers you can use here:
    • -all "Hard Fail" indicates that all mail not on the allowlist is rejected. 
    • ~all "Soft Fail" indicates that it accepts mail that is not on the allowlist but handles it carefully.
    • ?all "Neutral" indicates no policy for servers not on the list; it allows all mail. This is the default configuration.

Note: The default SPF DNS Record for Account Manager and Bluerock accounts is the same.

Customizing SPF Records

?all is the default setting since we don't know if you'll use another email service other than Bluehost with your domain name. Please see open-spf.org for a more thorough explanation of SPF syntax and processes.

Customize your SPF record by adding more servers and IPs to the second part if you send emails to your domain from a different host. Additionally, change the policy to "all" if you want to make your record stricter to protect the domain from email spoofing.

For example, if you only use Bluehost to send email from your domain and you want to make the sending policy as strict as possible, we recommend using this SPF record: 

v=spf1 a mx ptr include:Bluehost.com -all

This record authorizes your website's server and Bluehost's list of outgoing mail servers to send an email. All other outgoing mail servers are unauthorized. Follow the steps below to add a new SPF record to your domain name. 

Add an SPF Record

SPF records are added as TXT records to your Zone File. The default SPF record must be deleted from your cPanel before installing a new one since Bluehost automatically adds one to your zone file for each domain.

Note: To learn more about managing your DNS records, please see DNS Management: How to Add, Edit, or Delete DNS Entries.

Account Manager

  1. Log in to your Bluehost Account Manager.
  2. Click the Domain Name tab from the side navigation menu to the left.
  3. Click ˅ to enlarge the Advanced Tools section as you scroll down.
  4. Here, you will have the option to manage Nameservers (DNS) or Advanced DNS Records. Click MANAGE next to Advanced DNS Records.
  5. Click the +ADD RECORD button.
  6. Other fields may appear depending on the type of record you are creating. Fill out details as instructed by the DNS record provider.
    • Type: TXT 
    • Refers to: @
    • TXT Value: This is where you would paste your new SPF record.
    • TTL:  4 Hours 
  7. Lastly, click on the ADD button to create the record. 

Bluerock

  1. Log in to your Bluehost control panel.
  2. Click the Zone Editor submenu under the Domains menu at the top.
  3. From the drop-down menu, choose and click your domain name.
  4. To delete an existing SPF record, scroll down to the TXT record section, identify the record you want to delete, and click the Delete option.
  5. To add a new SPF record at the top of the Zone Editor, enter the following details below under the Add DNS Record section:
    • Name: Your domain name (without the www) should be typed here.
    • TTL: 14400
    • Type: TXT
    • TXT Value: This is where your new SPF record should be pasted.
  6. Lastly, click Add Record.

If you need further assistance, feel free to contact us via Chat or Phone:

  • Chat Support - While on our website, you should see a CHAT bubble in the bottom right-hand corner of the page. Click anywhere on the bubble to begin a chat session.
  • Phone Support -
    • US: 888-401-4678
    • International: +1 801-765-9400

You may also refer to our Knowledge Base articles to help answer common questions and guide you through various setup, configuration, and troubleshooting steps.