INKY SPF Record
Instructions for Updating Your Domain's SPF Record to Work with INKY
To ensure emails processed by INKY pass SPF checks and maintain deliverability, you need to add INKY's SPF mechanism to your domain’s SPF record. Below are step-by-step instructions for updating your SPF record.
Step 1: Identify Your Current SPF Record
Log in to your DNS management portal (usually provided by your domain registrar or hosting provider).
Look for the DNS Records or DNS Settings section.
Check if you already have a TXT record that starts with v=spf1.
Example of an Existing SPF Record:
v=spf1 include:spf.protection.outlook.com -all
Step 2: Update the SPF Record
If you already have an SPF record:
Append the following INKY mechanism to it, placing it before the final all term as in the updated example:
exists:%{i}._spf.inkyphishfence.com
Updated Example:
v=spf1 include:spf.protection.outlook.com exists:%{i}._spf.inkyphishfence.com -all
If you do not have an SPF record:
Create a new TXT record with the following value:
Step 3: Save Changes
Save the updated record in your DNS management portal.
Note that DNS changes may take up to 48 hours to propagate, but they typically update much faster.
Step 4: Test and Validate Your SPF Record
After making the changes, verify the correctness of your SPF record:
Use an SPF validation tool (e.g., MXToolbox SPF Check).
Confirm that your updated SPF record includes INKY’s mechanism and does not exceed SPF limits:
A maximum of 10 DNS lookups.
TXT record length under 255 characters.
Best Practices and Notes
Keep Only One SPF Record: Ensure your domain has a single SPF record. If there are multiple, merge them into one.
Test Before Finalizing: If you're uncertain, test changes in a staging or non-critical domain before applying them to production domains.
Monitor Email Deliverability: Regularly review email logs to ensure smooth delivery.
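The checks from Step 4 and the single-record rule above, as an added example that is not INKY's own code: it walks a constructed set of TXT values instead of live DNS, follows include and redirect into nested records, and counts every term that costs a DNS lookup. All zone data below, including the value shown for spf.protection.outlook.com, is constructed for illustration.

```python
import re

INKY = "exists:%{i}._spf.inkyphishfence.com"   # mechanism given on this page
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # one DNS lookup each

# Constructed TXT data standing in for DNS answers (not real published records).
ZONE = {
    "example.com": ["v=spf1 include:spf.protection.outlook.com " + INKY + " -all"],
    "spf.protection.outlook.com": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "heavy.example": ["v=spf1 " + " ".join(f"include:v{n}.example" for n in range(5))
                      + " " + INKY + " -all"],
    **{f"v{n}.example": ["v=spf1 mx -all"] for n in range(5)},
    "split.example": ["v=spf1 mx -all", "v=spf1 " + INKY + " -all"],
}

def spf_records(zone, domain):
    # Keep only TXT values whose first token is the SPF version tag.
    return [t for t in zone.get(domain, []) if t.lower().split()[:1] == ["v=spf1"]]

def count_lookups(zone, domain, path=()):
    """Count lookup-costing terms, following include/redirect into other records."""
    records = spf_records(zone, domain)
    if domain in path or len(records) != 1:   # loop, or nothing unambiguous to walk
        return 0
    total = 0
    for term in records[0].split()[1:]:
        parts = re.split(r"[:=/]", term.lstrip("+-~?"), maxsplit=1)
        name = parts[0].lower()
        if name in LOOKUP_TERMS:
            total += 1
            if name in ("include", "redirect") and len(parts) == 2:
                total += count_lookups(zone, parts[1].lower(), path + (domain,))
    return total

def audit(zone, domain, limit=10):
    """Return (lookups, problems): one record, INKY present, lookups within limit."""
    records = spf_records(zone, domain)
    problems = []
    if len(records) != 1:
        problems.append(f"expected 1 SPF record, found {len(records)}")
    if not any(INKY in r.split() for r in records):
        problems.append("INKY mechanism missing")
    lookups = count_lookups(zone, domain)
    if lookups > limit:
        problems.append(f"{lookups} DNS lookups exceeds {limit}")
    return lookups, problems

if __name__ == "__main__":
    for name in ("example.com", "heavy.example", "split.example"):
        print(name, audit(ZONE, name))
```

The constructed heavy.example record sits at exactly 10 lookups through its nested includes, so adding the INKY mechanism takes it to 11, which is the "too many lookups" condition covered in the FAQ.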
FAQ
Q: Why do I need an INKY SPF record?
A: INKY operates behind the traditional MX record as an inline email security tool. It ensures that all email is scanned before delivery to the recipient's mailbox. To achieve this, Office 365 and Google Workspace route messages to the INKY cloud for processing. INKY scans the email, applies any necessary banners, and provides delivery instructions back to the tenant. Adding the INKY SPF record authenticates these transactions, ensuring their legitimacy.
Q: Does this record count toward the 10 DNS lookup limit in SPF?
A: Yes, the exists mechanism in an SPF record counts toward the 10 DNS lookup limit imposed by the SPF standard. Each exists mechanism query constitutes one lookup.
If adding the INKY SPF record causes an SPF "too many lookups" error, contact INKY Support for assistance in optimizing your SPF configuration.
Q: What does "exists" mean in the record?
A: The exists mechanism in an SPF record checks if a specified domain resolves to a valid DNS record. It uses the syntax exists:<domain> and evaluates to true if the domain resolves. This mechanism helps verify the legitimacy of email senders.
Q: What is the purpose of %{i} in the record?
A: The %{i} macro represents the sending IP address in reverse-dotted notation. For example, if INKY sends from 192.0.0.1, %{i} expands to 1.0.0.192._spf.inkyphishfence.com. During SPF validation, the system queries this domain. If it resolves to any DNS record, the exists mechanism evaluates to true, and the email passes SPF validation. Otherwise, the email fails SPF.