To ensure emails processed by INKY pass SPF checks and maintain deliverability, you need to add INKY's SPF mechanism to your domain’s SPF record. Below are step-by-step instructions for updating your SPF record.
Log in to your DNS management portal (usually provided by your domain registrar or hosting provider).
Look for the DNS Records or DNS Settings section.
Check if you already have a TXT record that starts with v=spf1.
Example of an Existing SPF Record:
v=spf1 include:spf.protection.outlook.com -all |
If you already have an SPF record:
Append the following INKY mechanism to it:
exists:%{i}._spf.inkyphishfence.com |
Updated Example:
v=spf1 include:spf.protection.outlook.com exists:%{i}._spf.inkyphishfence.com -all |
If you do not have an SPF record:
Create a new TXT record with the following value:
v=spf1 exists:%{i}._spf.inkyphishfence.com -all |
Save the updated record in your DNS management portal.
Note that DNS changes may take up to 48 hours to propagate, but they typically update much faster.
After making the changes, verify the correctness of your SPF record:
Use an SPF validation tool (e.g., MXToolbox SPF Check).
Confirm that your updated SPF record includes INKY’s mechanism and does not exceed SPF limits:
A maximum of 10 DNS lookups.
TXT record length under 255 characters.
If your DNS provider doesn’t support special characters, you can use the following
|
Keep Only One SPF Record: Ensure your domain has a single SPF record. If there are multiple, merge them into one.
Test Before Finalizing: If you're uncertain, test changes in a staging or non-critical domain before applying them to production domains.
Monitor Email Deliverability: Regularly review email logs to ensure smooth delivery.
A: INKY operates behind the traditional MX record as an inline email security tool. It ensures that all email is scanned before delivery to the recipient's mailbox. To achieve this, Office 365 and Google Workspace route messages to the INKY cloud for processing. INKY scans the email, applies any necessary banners, and provides delivery instructions back to the tenant. Adding the INKY SPF record authenticates these transactions, ensuring their legitimacy.
A: Yes, the exists mechanism in an SPF record counts toward the 10 DNS lookup limit imposed by the SPF standard. Each exists mechanism query constitutes one lookup.
If adding the INKY SPF record causes an SPF "too many lookups" error, contact INKY Support for assistance in optimizing your SPF configuration.
A: The exists mechanism in an SPF record checks if a specified domain resolves to a valid DNS record. It uses the syntax exists:<domain> and evaluates to true if the domain resolves. This mechanism helps verify the legitimacy of email senders.
A: The %{i} macro represents the sending IP address in reverse-dotted notation. For example, if INKY sends from 192.0.0.1, %{i} expands to 1.0.0.192._spf.inkyphishfence.com. During SPF validation, the system queries this domain. If it resolves to any DNS record, the exists mechanism evaluates to true, and the email passes SPF validation. Otherwise, the email fails SPF.