Menu
Feedback
Start here
Tutorials
Developer portal
Known Issues
Support Rules
Troubleshooting
Frequently Asked Questions
Announcements
Tutorials
Explore in-depth tutorials for operating your VTEX store.
Tutorials
Infrastructure
CDN Service
Best Practices on Sender Policy Framework (SPF)
Best Practices on Sender Policy Framework (SPF)

Sender Policy Framework (SPF) is a system that prevents unauthorized servers from sending emails on behalf of a domain. This system verifies if the server follows the policies determined by the administrator of that domain. This configuration is essential to avoid deliverability issues for transactional emails.

If you are trying to improve the deliverability rate of transactional emails in your store, consider setting up DKIM as well.

Understanding syntax

For syntax details, we recommend that you read the documentation Sender Policy Framework SPF Record Syntax.

In the DNS manager, the SPF will be a TXT entry in the domain root (ex.: site.com) with the following format:

site.com. IN TXT “v=spf1 a mx ip4:192.0.2.32/27 include:provedor.com ~all”

We can divide the policy above into the following sections:

  • v=spf1: required prefix.
  • a mx ip4:192.0.2.32/27 include:provedor.com: authorized senders.
  • ~all: condition for including or excluding senders except the ones previously declared.

When applied for authorized senders, the above rules mean a server can send messages on behalf of the given domain (site.com) if:

  • a: its IP address is found in the domain's type A entry.
  • mx: it is designated as the domain’s MX record.
  • ip4: it belongs to the 192.0.2.32/27 IP address block.
  • include: it satisfies the SPF rules in the referenced domain (provider.com).

The inclusion or exclusion condition can have the following values:

  • +all: any sender will be authorized.
  • -all: any sender (except the declared ones) will be rejected.
  • ~all: another verification step will be required to reject unauthorized senders. (Recommended)
  • ?all: the verification of unauthorized senders will be disregarded.

We recommend using ~all, which has a better deliverability rate. If there is an unauthorized sender, this option does not stop the sending of the email, but informs that the SPF validation failed.

SPF in the VTEX context

VTEX uses the include:amazonses.com SPF. This is Amazon's transactional email sending service, used in the default sender (VTEX type) of Message Center.

See our article Setting up the SPF for more details.

Contributors
2
Photo of the contributor
Photo of the contributor
+ 2 contributors
Was this helpful?
Yes
No
Suggest Edits (GitHub)
Best practices for accessing the store without www
« Previous
Insert reverse proxy in front of VTEX services
Next »
Contributors
2
Photo of the contributor
Photo of the contributor
+ 2 contributors
On this page
Still got questions?
Ask the community
Find solutions and share ideas in the VTEX community.
Join our community
Request support from VTEX
For personalized assistance, contact our experts.
Open a support ticket
GithubDeveloper portalCommunityFeedback