How to Configure SPF Record for Managed Backup
Situation
An SPF record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email messages on behalf of your domain.
The purpose of an SPF record is to prevent spammers from sending messages with forged 'From' addresses in your domain. Recipients can refer to the SPF record to determine whether a message purporting to be from your domain comes from an authorized mail server.
For example, your domain example.com uses the on-premises mail server. You create an SPF record that identifies the MSP360 mail servers as the authorized mail servers for your domain. When a recipient’s mail server receives a message from user@example.com, it can check the SPF record for example.com to determine whether it is a valid message. If a message comes from a server other than the on-premises mail servers listed in the SPF record, the recipient’s mail server can reject it as spam.
This is why it is important to have the appropriate SPF records in your domain records.
Solution
The SPF record values depend on which email service is used for email sending.
To learn more about email services and their configuration, refer to the Email Service chapter at help.mspbackups.com
If you use your own SMTP email service, the following IP addresses of Managed Backup SMTP Servers should be allowed on customer's SMTP server for connection:
52.6.7.137
52.5.40.159
3.230.30.31
18.205.167.123
From these IP addresses Managed Backup services can connect to customer provided SMTP servers for sending emails.
If you use the email service provided by Managed Backup, set the following SPF record to your domain:
TXT
v=spf1 include:amazonses.com ip4:50.19.243.6 ~all
where:
- TXT is a type of the domain record
- Second line is a value of this record
- ip4 is the MSP360 SMTP server IP address
For other records you can use the 'include' syntax in the following format:
TXT
v=spf1 include:_spf.google.com include:amazonses.com ip4:50.19.243.6 ~all
In order to additionally ensure that your email notification messages reach all intended addressees, consider the following measures after configuring your SPF record:
Checking that your email domain (the one featured in "Sender Email Address") has no restrictive DMARC policies. You can check your email domain's SPF record and DMARC policies using publicly available services if necessary.
Unblocking previously failed / bounced email notification sending attempts on "Notification Errors" page.