SPF validation is one of the most important aspects of good delivery.
The Domain Verification Tutorial will show you how to add the records to your domain's DNS settings. One of the records you will be adding is what is called an SPF record. The actual record type is TXT but it widely used and referred to as SPF. As outlined in the tutorial, here are the steps you need to take to add the SPF record to your DNS:
Name: yourdomain (or @)
Value: v=spf1 a mx include:_spf.elasticemail.com ~all
If you already have an SPF entry then you need to edit your current one. For example, if your domain already has the record:
v=spf1 a mx include:_spf.google.com ~all
then you would just add: include:_spf.elasticemail.com
The final record would look like this:
v=spf1 a mx include:_spf.google.com include:_spf.elasticemail.com ~all
If your record does not validate - then it most likely means that either the record is failing to propagate or there is a configuration issue. Some very common SPF issues are listed below.
Multiple SPF Records
Each domain may have only one SPF entry. If your domain contains more than one entry, recipient servers will decline both - this will cause your emails to fail SPF. If there is more than one SPF entry in the domain's DNS, remove ones that are not in use and/or merge existing ones into a single record. When merging make sure that your entry starts with "v=spf1" and ends with "~all" parameter.
Too many DNS lookups
An individual SPF record is limited to 10 "include" lookups. This means your record cannot generate more than 10 references to other domains.
Every instance of parameters "include", "a", "mx", "ptr", "exists", "redirect" will generate one lookup. Additionally, if any domain that is referenced in an "include" contains another instance of those parameters it is also counted towards the 10 lookup limit.
If the SPF record exceeds 10 DNS lookups, the email will fail SPF.
Remove includes and references to domains are not in use anymore. Alternatively, subdomains can be used. Creating a subdomain will allow an additional SPF record. However, if a subdomain is verified then the email will need to be sent from that subdomain.
Syntax error
Make sure the SPF record is properly constructed. Each SPF record must:
Start with “v=spf1”
End with “~all” , “-all” or “?all”
And does not have multiple “all” or “v=spf1” parts in the entry (eg. v=spf1 a mx include:_spf.elasticemail.com ~all ~all )
Additional + in include
Some recipient servers are unable to pass SPF records when the "include" is prefixed with a "+" sign. This is because the default parameter for the mechanism is a pass. The "+" also means pass, so it is redundant. Simply removing any "+" signs from the record will ensure it will pass will most recipient servers.
Typos
If your record is not validating, please double check your entry for typos. Examples:
"incldue" instead of "include"
Or
the domain name, make sure you use "_spf.elasticemail.com" and not the easily mistaken "_spf.elasticmail.com"
Still not verifying?
Each change in your DNS zone needs some time to propagate through the internet. Usually, it takes anywhere from a few seconds to one hour. However, in rare cases, this period may take up to 48 hours. If your record is still not propagated after several hours you should contact your domain hosting support and ask them if the change to your DNS has been properly saved and propagated.