Adding an SPF Record – Forth

Doc. Number	Article Title	Effective Date	Version
FHC-XX	Adding an SPF Record	June 25, 2024	0.4

This article includes the following topics:

What is a DNS record?
Why use one?
What do I do?
What exactly am I adding?
Additional information
SSL Certificates
Intervention by Forth

What is a DNS record?

A DNS (Domain Name System) record contains information about your domain. For more information, please visit the Wikipedia article on DNS Records.

Specifically, we ask you to add a Sender Policy Framework (SPF) record as a TXT DNS record. This is how we authorize our domain to send emails as yours. You can find more information again on Wikipedia.

Why use one?

Setting up the SPF record to authorize our domain to send emails as yours:

Helps your company's e-marketing campaigns work to their fullest potential. Adding this record will help with YOUR email delivery.
Helps prevent emails from going to spam. When a server receives a message appearing to come from one domain but coming from another without an SPF record authorizing the actual sender, emails can easily be flagged as Spam/Junk.
Helps our email servers' reputation. The success of email campaigns and other messaging somewhat depends on our servers' reputation throughout the internet. The more emails go to Spam and Junk, the poorer our reputation. Since having our clients add an SPF record helps, it is to everyone's advantage to use the CRM to have their SPF records updated, as advised below.

What do I do?

You will need to add the SPF TXT record with your domain hoster. The company hosting your domain should have support information explaining how to update or add DNS records.

For example, you can visit GoDaddy's article on setting up a TXT record. This process is usually fairly simple: You navigate to the section in the host's domain management portal and cut and paste the information we've provided in this article into the record.

What exactly am I adding?

This depends on your current record. You can look up the current record by clicking here. Once you determine which is your case, take the following steps:

If you have no SPF record

You must add the below to your DNS Records as a new TXT record.

v=spf1 a mx ptr include:client_spf.setforth.com

If you have an existing SPF record

You will want to alter the current record so setforth.com is included as authorized to send emails. Add "include:client_spf.setforth.com" to the current record.

Example 1:

Current Record: v=spf1 a mx ptr include:client_spf.outlook.com

Change to: v=spf1 a mx ptr include:client_spf.outlook.com include:client_spf.setforth.com

Example 2:

In cases where the SPF record includes ~all or -all, update the record IMMEDIATELY. The -all portion of the record says any domain not listed is NOT AUTHORIZED to send emails as the domain. This needs to be fixed immediately since each time a message comes from setforth.com; it causes further damage to our reputation and likely causes most of your emails to end up marked as spam or junk with your clients.

~all must be placed at the end of the SPF record.

Current Record: v=spf1 a mx ptr include:client_spf.outlook.com ~all

Change to: v=spf1 a mx ptr include:client_spf.outlook.com include:client_spf.setforth.com ~all

Additional information

Adding this record does not guarantee your emails will be delivered successfully. It will help, but factors remain that can cause your message to go to spam/junk. These include:
- Contents - certain language used in an email message can cause some servers to flag your emails as spam/junk.
- Repeated Messaging - Sending the same message to the same address over and overrepeatedly can also cause your emails to be flagged as spam/junk. Doing this to many email addresses can cause a serious issue.
- Contact Preference - The email address you are messaging can decide they no longer wish to receive your message and flag it as spam manually. It's also possible that the contact has settings on their end so that they have to white-list domains or email addresses to accept the message. Otherwise, it will go to their spam/junk folder.
Having multiple records can cause an error that negates any changes to the record. This is why you need to confirm the current record. If, for example, you have the record v=spf1 a mx ptr include:client_spf.outlook.com ~all and instead of adding include:client_spf.setforth.com to the existing record, you instead add the additional record v=spf1 a mx ptr include:client_spf.outlook.com include:client_spf.setforth.com, this will prevent both records from functioning properly and other servers to act as if there is no record in existence.

IMPORTANT: Do not confuse SPF records with other types of TXT records. Other TXT records can exist, but anytime you see a record starting with v=spf1 a mx ptr, you want to ensure there is only one of these per subdomain in your DNS records. Other formats can exist at the same time as TXT records, but you only want one in the SPF format, as described here.

SSL Certificates

In addition to the DNS changes listed above, you may have to perform an update to your SSL Certificate. In that event, please follow the steps below:

You must renew your SSL Certificate for your Domain Name from within your domain hosting account. There are three different types of certificates:

Standard SSL Certificate: SSL Certificate good for one domain address.
WildCard SSL Certificate: SSL Certificate that covers all CNAME's under your root domain.
or the less commonly used:
Premier SSL Certificate: Adds green color to the URL bar and requires authentication of your corporation documents and company physical office location. IMPORTANT: If you plan to use a custom domain for both the CRM and the portal, you must purchase a WildCard SSL Certificate.

***You cannot purchase a single domain certificate and change it later. If you try, you will have to start the whole process again.

You must paste the CSR code that Forth provides you into the appropriate text box on the registrar's website so they can generate and provide us with the SSL Certificate.

IMPORTANT: If you receive an error regarding the CSR code, you can verify it using GoDaddy's SSL decoder website (https://ssltools.godaddy.com/views/csrDecoder). This website can also fix any irregularities in the file itself and will provide a fixed file if issues are found.

After the domain hosting account registrar has accepted the CSR file, download a zip file containing the SSL certificate file. When prompted to download this file, please choose the option for server type 'Other.' Once you have the SSL certificate file, clients must send us the SSL certificate file they generated with our CSR Code to Support@setforth.com.

NOTE: Different registrars will use slightly different terminology when presenting the option to download your certificate;

While sending it back to us on the same ZenDesk ticket is preferred, you can send it separately.

Intervention by Forth

If you do not update the SPF record, you will still have the ability to send emails and use e-marketing campaigns. However, if your domain gets flagged as problematic by our development team, you will be asked to update the record. If you do not comply at that point, your ability to use the email functions in the Forth CRM will be shut off until the record is fixed. We understand that email marketing is a very important part of your business, and shutting off your ability to use this is an extreme circumstance. However, please understand the damage to Forth's reputation regarding emails affects all our clients. Therefore, if you do not comply with this, we must take action for all other accounts in our system.

Article Version History:

Version	Effective Date	Description
Basic	12/26/2016	Initial Release
0.1	08/23/2022	Add document header; updated title to better reflect the topic.
0.2	03/13/2023	Added version control footer; updated company and software references to Forth.
0.3	05/10/2024	Updated Content Tag for better search capability. Minor Grammatical updates to improve readability.
0.4	06/25/2024	Added section on SSL Certificates.

Related to