The latest cloud infrastructure announcements, technical solutions, and enterprise cloud insights.

Four steps to setting up your SPF record with OCI Email Delivery

Josh Nason
Senior Email Delivery Consultant

So, you’re a new Oracle Cloud Infrastructure (OCI) Email Delivery customer and wondering where to start first. Take my word for it: You’ve clicked the right link. Any good onboarding journey from one email provider to another has several keys points, and this post focuses on one aspect: Sender policy framework (SPF), part of email authentication.

If you’ve been sending with a larger provider, you likely know this term well, but if not, we can teach you why it’s important. 

Email authentication plays a big part in your online reputation

Major mailbox providers, such as Gmail, Microsoft, and Yahoo all the way down to local businesses who utilize anti-spam software, rely on SPF, DKIM, and DMARC as the elements that determine whether your email makes it to the inbox or the spam folder. Authentication requires access to your sending domain’s DNS records. By adding SPF, DKIM, or DMARC, mailbox and anti-spam providers can quickly verify the email being sent through your IP is coming from a trusted source and not by someone impersonating your brand.

This process isn’t just for OCI Email senders, but for any sender looking to send bulk, marketing, and transactional email. Providers are hit with so much spam that they can weed out a lot by verifying if the email they’re receiving is coming from an authorized source.

In other posts, we tackle DKIM and DMARC. For ease of use, let’s focus on SPF. The following instructions apply to OCI Email Delivery senders but are also applicable for sending through other providers that want to learn about SPF.

Step 1: What domain are you sending from?

To add an SPF record, you first need to determine what sending domain or subdomain that you want to apply that record to. We use example.com, meaning any email sent from an example.com address through OCI Email Delivery has the record.

Step 2: Find our SPF record

Determine what email sending service provider or conduit you’re looking to authenticate. In this example, we use OCI Email Delivery.

You then need to find the provider-specific SPF record, also called an include record, to add to your DNS. You can obtain this record fairly easy, regardless of the provider. For this example, we use an include record that the people who send emails through the OCI Americas regions would add—part of several records that we provide, depending which region of the world you send from.

Step 3: Add the SPF record

How you add this record can vary, depending on who you use to manage your DNS. Customers who utilize OCI for DNS can set up this feature in the Console. Regardless, this process is easy, but ask your support personnel for help if it’s not clear in their documentation.

Using all the examples, add the TXT record of include:rp.oracleemaildelivery.com ~all to the DNS record of example.com. That inclusion tells receiving mailbox providers that email coming from example.com through OCI is authenticated.

Sending domains can use multiple SPF records because senders can use one provider for bulk email, one for support software, one for billing software, and so on. Using our example, if this is the first SPF record on that sending domain, add v=spf1 before the include. Otherwise, you don’t have to include v=spf1 for every include.

OCI customers that send email through different regions need to add all applicable region-specific SPF include records to their DNS.

Step 4: Verify the record

After everything is saved, it’s important to verify that your new SPF record is set up correctly. You can verify with the Terminal command, nslookup -type=txt example.com, or through a third-party source, many of which are found with a web search for ‘SPF lookup.’

If the record isn’t showing up or is showing up incorrectly, the record might not have propagated yet. After determining no caching is taking place, review and ensure that you have the right include record, that the record spelled correctly, and that you’ve followed the instructions set out by your DNS provider. Assuming you’re an OCI customer, contact to our support staff for guidance.

And you’re done. For now.


Not having SPF set up correctly can result in email going to the spam folder or being soft bounced, so ensuring that it’s accurate before those first campaigns or receipts go out is crucial. Getting email to the inbox is important. Having SPF on your sending domain or subdomain is a way to help ensure that your email’s journey is completed.

If you’re not an Oracle Cloud Infrastructure Email Delivery customer, you can begin your journey today.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha