Update Your SPF Record for INKY
Written By Matt Sywulak
Last updated 2 months ago
What You Need to Know
Add INKY's SPF mechanism to your domain's DNS records to ensure emails processed by INKY pass authentication checks. Without this update, your outbound emails may fail SPF validation and be rejected by recipient mail servers.
This is a one-time configuration that typically takes 5-10 minutes. DNS changes usually propagate within an hour, though they can take up to 48 hours.
Why This Matters
INKY sits inline in your email flow, receiving messages from your mail provider, scanning them, and delivering them to recipients. When INKY sends email on behalf of your domain, receiving servers check your SPF record to verify INKY is authorized. Adding INKY's mechanism to your SPF record authorizes this transaction.
Add INKY to Your SPF Record
Find Your Current SPF Record
Log in to your DNS management portal (typically through your domain registrar or hosting provider). Navigate to DNS Records or DNS Settings and look for a TXT record starting with v=spf1.
Example existing record:
v=spf1 include:spf.protection.outlook.com -allIf you don't see an SPF record, you'll create one in the next step.
Update the Record
If you have an existing SPF record, add this mechanism before the -all or ~all at the end:
Exampleexists:%{i}._spf.inkyphishfence.com
Complete example for Microsoft:
v=spf1 include:spf.protection.outlook.com exists:%{i}._spf.inkyphishfence.com -allComplete example for Google Workspace:
v=spf1 include:_spf.google.com exists:%{i}._spf.inkyphishfence.com ~allIf you don't have an SPF record, create a new TXT record with this value:
v=spf1 exists:%{i}._spf.inkyphishfence.com -allAlternative Format for Limited DNS Providers
Some DNS providers don't support the %{i} macro syntax. If your provider rejects the record above, use these include statements instead:
v=spf1 include:spf.protection.outlook.com include:spf-ipw.inkyphishfence.com include:spf-obx.inkyphishfence.com -allExampleinclude:spf-ipw.inkyphishfence.com
Exampleinclude:spf-obx.inkyphishfence.com
This approach uses a total of three DNS lookups instead of one, so use the exists format whenever your DNS provider supports it.
Save and Verify
Save your changes in the DNS portal. Use an SPF validation tool like MXToolbox SPF Check to verify your record is correct. Your updated record should include INKY's mechanism and stay within SPF limits (10 DNS lookups maximum, 255 characters or less).
Common Issues
"Too Many DNS Lookups" Error
SPF has a hard limit of 10 DNS lookups. If adding INKY's mechanism causes this error, contact INKY Support for help optimizing your configuration. We can often consolidate other mechanisms to stay within the limit.
Multiple SPF Records
You can only have one SPF record per domain. If you see multiple TXT records starting with v=spf1, merge them into a single record. Having multiple SPF records causes validation failures.
Changes Not Taking Effect
DNS propagation typically completes within an hour but can take up to 48 hours. Use a tool like whatsmydns.net to check propagation status across different DNS servers worldwide.
Understanding the Technical Details
What "exists" Means
The exists mechanism checks whether a specified domain resolves to any DNS record. In INKY's SPF record, exists:%{i}._spf.inkyphishfence.com validates that the sending IP address is authorized by INKY.
How %{i} Works
The %{i} macro expands to the sending IP address in reverse-dotted notation. For example, if INKY sends from 192.0.0.1, the macro becomes 1.0.0.192._spf.inkyphishfence.com. During SPF validation, if this domain resolves, the email passes authentication.
DNS Lookup Count
Yes, the exists mechanism counts as one DNS lookup toward the 10-lookup limit. The alternative format using include statements counts as a total of three lookups (one for each include).
Still need help? Contact INKY Support with your domain name and current SPF record, and we'll help you configure it correctly.