First, it's useful to know that a Sender Policy Framework (SPF) is a system designed to identify and protect against email fraud by providing a way to allow corresponding email providers to check that messages sent from a particular domain are coming from a server authorized to send email on that domain's behalf. Without this important bit of information specified within your website's DNS records, some recipient email servers may block your email messages or treat them as spam.
Setting up SPF can sound like a confusing process, but you don't need to be an expert in this area to get the job done -- you just need the help of someone who is. You may want to ask your IT staff, website administrator, or web hosting company to help you.
If you want to learn more about SPF, or if your technical person does, direct them to: http://www.open-spf.org/. The Deploying SPF section is a good one to read and the folks who read the forums can likely help with any configuration questions that come up.
In addition to setting up your in-office email in your SPF record, the technical person assisting you will need to configure your DNS record to work with thedatabank's servers. If you have other vendors sending on your behalf, they should be included in your SPF record as well.
The following is an example of an SPF record that designates thedatabank's email servers (ip4:188.8.131.52 ip4:184.108.40.206 ip4:220.127.116.11 ip4:18.104.22.168 ip4:22.214.171.124) and Microsoft's servers (include:spf.protection.outlook.com), and no other servers (-all) as authorized senders. It would work for an organization that uses Exchange or Office 365 for its organizational email, and thedatabank for PowerMails and emails from online forms:
|v=spf1 ip4:126.96.36.199 ip4:188.8.131.52 ip4:184.108.40.206 ip4:220.127.116.11 ip4:18.104.22.168 include:spf.protection.outlook.com -all|
By adding ip4:22.214.171.124 ip4:126.96.36.199 ip4:188.8.131.52 ip4:184.108.40.206 ip4:220.127.116.11 to your organization's SPF record in DNS, you are telling the world that it's okay for thedatabank to send email on behalf of your organization. Not only that, but with this task out of the way, you'll be ensuring more messages actually reach the inbox of your organization's supporters.
Office 365 users:
Please note that if you are using Office365 internally, emails you receive from thedatabank may be marked as "fraud". This includes the cc's of confirmation emails sent by online forms. The receiver of the email will not see the fraud message - it's being inserted by your own email program. To eliminate the fraud warning, your organization will most likely need to whitelist thedatabank's IP addresses.