We recommend that you create a Sender Policy Framework (SPF) record for your domain. An SPF record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain.

The purpose of an SPF record is to prevent spammers from sending messages with forged From addresses at your domain. Recipients can refer to the SPF record to determine whether a message purporting to be from your domain comes from an authorized mail server.

For example, suppose that your domain example.com uses Gmail. You create an SPF record that identifies the Google Apps mail servers as the authorized mail servers for your domain. When a recipient's mail server receives a message from user@example.com, it can check the SPF record for example.com to determine whether it is a valid message. If the message comes from a server other than the Google Apps mail servers listed in the SPF record, the recipient's mail server can reject it as spam.

If your domain does not have an SPF record, some recipient domains may reject messages from your users because they cannot validate that the messages come from an authorized mail server.

If you've already set the SPF record for your domain, it means that you have set Google's servers in the SPF records.

SPF records for outbound gateway

If you decide to enable the email gateway feature, you will need to make sure both Google server's and the outbound gateway SMTP server address is included in the SPF record.

Note: If you purchased your domain from one of our registration partners while signing up for Google Apps, Google does not publish SPF records for your domain.

Note: If you have an existing SPF record, you can update it to authorize an additional mail server. Be careful not to create multiple SPF records - only update the existing record. Multiple SPF records are not recommended and will cause authorization problems. See Add SPF records for more information.

Configure SPF records to work with Google Apps

To create an SPF record for a domain:

  1. Log in to the administrative console for your domain.
  2. Locate the page from which you can update the DNS records.
  3. You may need to enable advanced settings.
  4. Create a TXT record containing this text: v=spf1 include:_spf.google.com ~all
  5. Publishing an SPF record that uses -all instead of ~all may result in delivery problems. See Google IP address ranges for details about the addresses for the Google Apps mail servers.
  6. To authorize an additional mail server, add the server's IP address before just before the ~all argument using the format ip4:address or ip6:address. (See Sender Policy Framework for more details on the SPF format.)
  7. If your registrar also requires a host setting (such as @), see the TXT records for specific domain providers list for precise instructions.
  8. Save your changes.
  9. Keep in mind that changes to DNS records may take up to 48 hours to propagate throughout the Internet.

Note: Multiple SPF records are not recommended and may cause delivery and spam classification issues. See Multiple SPF records for more information.

If you have difficulty creating an SPF record, contact your domain provider for assistance.