How to configure SPF for your domain

Expand All

  1. Login to Hydra DNS records list (requires Oxford network or VPN)
  2. Select Create
  3. Enter details as follows:
    Field Value
    Hostname unit.ox.ac.uk
    Type TXT
    Content v=spf1 redirect=_spf.ox.ac.uk
    TTL 300
  4. Select Create

Warning

There must be no more than one SPF policy for a domain, even though you can have as many TXT records as you like. You will need to check this, as well as ensuring that your SPF record is valid syntactically and against other SPF rules; Hydra does not validate TXT record contents and will not advise of any issues.

 

Don't do this!

Instead, configure the third-party system to use a dedicated mailbox account and send via smtp.nexus.ox.ac.uk

 

If the third-party you are using does not support properly authorised sending from a Nexus365 account then:

  1. Ensure that you have a good understanding of SPF (see SPF Project resources)
  2. Obtain an SPF inclusion clause from your third-party. This should be in the form “include:saas.domain.com
  3. Create a new SPF record or edit an existing record in Hydra IPAM, and insert the additional clause between v=spf1 and any other specifiers
  4. Save the record

SPF records were centrally added to all top-level domains (unit.ox.ac.uk) in 2016. This was a one-off exercise, and we recommend that local ITSS add the default SPF record to any domains they use in email sender addresses.

Some background on why we introduced SPF records, and their impact in relation to some ISP mail providers and common scenarios is available in the ITSS wiki.

Please do ensure that you understand SPF before amending records, as even a syntactically correct entry can render your entire SPF invalid. Consult a suitable SPF guide or the associated RFC for details.

Get support


If you cannot find the solution you need here then we have other ways to get IT support

Get IT support