Understanding SPF (Sender Policy Framework)

Written by Christopher Handscomb
Updated over 3 months ago

TL;DR

  • SPF is a DNS-based way to tell the world which servers are allowed to send email for your domain.

  • HostBible sends outbound email through a relay. We publish the current sending IPs inside the TXT record at _spf.hosted-server.net.

  • To authorize our relay for your domain, add a TXT record to your DNS for your sending domain that includes _spf.hosted-server.net, e.g.:

    v=spf1 include:_spf.hosted-server.net ~all
  • Web Hosting customers: if your domain uses HostBible’s default DNS and mail routing, we create and maintain this SPF record for you automatically.

What is SPF?

Sender Policy Framework (SPF) lets domain owners publish a policy in DNS that lists the servers permitted to send mail “as” their domain. When a receiving mail server gets a message that claims to come from an address at your domain, it checks your domain’s SPF TXT record to decide whether to accept, flag, or reject that message.

Why it matters:

  • Protects your brand from spoofing and phishing

  • Improves deliverability by helping receivers trust your mail

  • Works alongside DKIM and DMARC for stronger, modern email authentication

How HostBible sends your email

At HostBible, we send mail through a relay (our outbound mail cluster). Instead of hard-coding IPs in every customer’s DNS, we publish the authoritative list of our sending IP addresses in a single, managed place: the TXT record at _spf.hosted-server.net.

That means you don’t need to track IP changes. When our relay IPs change, we update _spf.hosted-server.net, and all customers who reference it automatically stay compliant.

What you need to add to DNS

Record type: TXT
Name/Host: your sending domain (usually the root, shown as @)
Value:

v=spf1 include:_spf.hosted-server.net ~all

Step-by-step (generic DNS providers)

  1. Open your DNS for the domain that sends email (e.g., example.com).

  2. Add a new record

    • Type: TXT

    • Name/Host: @ (or the exact subdomain that appears in your mail’s “MAIL FROM”/Return-Path, if you use a subdomain)

    • TTL: 1 hour is a good default (3600), but any standard TTL is fine

    • Value:

      v=spf1 include:_spf.hosted-server.net ~all
  3. Save the record.

Important: Create only one SPF TXT record per hostname. If you already have an SPF record, edit/merge it rather than adding a second one (see examples below).

Common scenarios & examples

1) HostBible is your only sender

v=spf1 include:_spf.hosted-server.net ~all

2) You also send via Microsoft 365 (Exchange Online)

v=spf1 include:_spf.hosted-server.net include:spf.protection.outlook.com ~all

3) You also send via Google Workspace (Gmail)

v=spf1 include:_spf.hosted-server.net include:_spf.google.com ~all

4) You send from a subdomain (e.g., mail.example.com)

Create a TXT record on mail.example.com:

v=spf1 include:_spf.hosted-server.net ~all

SPF is evaluated per sending domain (the domain in the envelope “MAIL FROM”/Return-Path). Ensure the SPF TXT exists on whichever domain/subdomain your system actually uses to send.

Tip: Use ~all (softfail) while you’re consolidating senders. Once you’re confident your SPF is complete, you may choose -all (fail) for a stricter policy.


“Do I add _spf.hosted-server.net as its own record?”

No. You do not create a record named _spf in your zone.
You reference our managed record by placing include:_spf.hosted-server.net inside your domain’s SPF TXT record (as shown above). We maintain the _spf.hosted-server.net TXT record on our side with the current set of authorized IPs.


Automatic management for HostBible Web Hosting customers

If you’re using HostBible Web Hosting with our default DNS and mail routing:

  • We automatically create the correct SPF TXT record for your domain.

  • We maintain it as our relay infrastructure evolves—no action required.

  • If you later add external email services (e.g., M365, Google, a newsletter platform), you may need to update your SPF to include those services, subject to the SPF lookup limit (see below). If you’re unsure, contact Support and we’ll advise.

If you host DNS elsewhere or use custom DNS, you’ll need to add/maintain the TXT record yourself following the steps above.

Best practices & pitfalls to avoid

  • Exactly one SPF TXT per hostname. If you publish two, receivers may treat your SPF as invalid. Merge mechanisms into one record.

  • Mind the 10-lookup limit. SPF allows at most 10 DNS lookups across include, a, mx, ptr, exists, and redirect. Exceeding this can cause permerror.

    • Each include: can expand to multiple lookups. Keep your sender list lean.

  • Order matters. SPF is processed left-to-right. Put your most specific mechanisms first if you use any beyond include:.

  • Use TXT, not SPF-type records. The legacy SPF RR type is deprecated; always use a TXT record.

  • Keep it simple. If your domain only needs HostBible + one other sender, don’t add extra mechanisms like a or mx unless you know they’re required.

  • Test after changes. Use a DNS lookup (dig txt example.com +short, nslookup -type=txt example.com) or a reputable SPF checker to confirm your record.
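
The first two pitfalls above (exactly one SPF TXT per hostname, and the 10-lookup limit) can be checked mechanically. The Python below is an added example, not HostBible's code; it runs offline against a constructed ZONE table standing in for DNS, so every record body in it, including the one shown for _spf.hosted-server.net and the hypothetical .example names, is made up for illustration.

```python
import re

LIMIT = 10  # maximum DNS-querying terms per SPF evaluation
QUERYING = {"include", "a", "mx", "ptr", "exists", "redirect"}

# Constructed sample data standing in for DNS. None of it is the real content
# of any record, including _spf.hosted-server.net.
ZONE = {
    "example.com": ["site-verification=constructed",
                    "v=spf1 include:_spf.hosted-server.net include:_spf.news.example ~all"],
    "_spf.hosted-server.net": ["v=spf1 ip4:192.0.2.0/24 ~all"],
    "_spf.news.example": ["v=spf1 include:pool.news.example mx ~all"],
    "pool.news.example": ["v=spf1 ip4:198.51.100.0/24 ~all"],
    "dup.example": ["v=spf1 include:_spf.hosted-server.net ~all", "v=spf1 mx ~all"],
    "heavy.example": ["v=spf1 a mx " + "include:_spf.hosted-server.net " * 9 + "~all"],
}

def spf_records(txts):
    """Keep only the TXT strings that are SPF records (version tag v=spf1)."""
    return [t for t in txts if t.lower().split()[:1] == ["v=spf1"]]

def count_lookups(domain, zone, path=()):
    """Count DNS-querying terms, following include/redirect recursively."""
    if domain in path:
        raise ValueError(f"include loop through {domain}")
    records = spf_records(zone.get(domain, []))
    if len(records) != 1:
        raise ValueError(f"{domain}: {len(records)} SPF records, need exactly 1")
    total = 0
    for term in records[0].split()[1:]:
        m = re.match(r"[+\-~?]?([a-z0-9]+)(?:[:=]([^/\s]+))?", term.lower())
        if not m or m.group(1) not in QUERYING:
            continue  # ip4, ip6, all and unknown modifiers cost no lookup
        total += 1
        if m.group(1) in ("include", "redirect") and m.group(2):
            total += count_lookups(m.group(2), zone, path + (domain,))
    return total

def audit(domain, zone):
    """Return (status, detail) for the SPF record published at domain."""
    if not spf_records(zone.get(domain, [])):
        return ("none", "no SPF record published")
    try:
        n = count_lookups(domain, zone)
    except ValueError as err:
        return ("permerror", str(err))
    if n > LIMIT:
        return ("permerror", f"{n} lookups exceeds the limit of {LIMIT}")
    return ("ok", f"{n} of {LIMIT} lookups used")
```

To audit a live domain, fill the table from the dig txt output for each name the record references; macros and the separate limits on mx targets and void lookups are not modelled here.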

FAQ

Q: Do I need to list IP addresses myself?
A: No. That’s the point of include:_spf.hosted-server.net. We manage and update the underlying IP list for our relay.

Q: Should I use ~all or -all?
A: ~all (softfail) is safer while you validate all your senders. Use -all (fail) once you’re certain your SPF is complete.

Q: We use a newsletter/SMTP provider as well. What then?
A: Add that provider’s supported include to the same SPF TXT—without creating a second record—while keeping an eye on the 10-lookup limit.

Q: We’re a HostBible Web Hosting customer using HostBible DNS. Do we need to do anything?
A: Usually no—we create and maintain the SPF record automatically. Only update it if you introduce additional outbound senders.

Need help?

If you’re unsure whether your SPF is correct or you’re combining multiple services, reach out to HostBible Support. We’ll review your current record, consolidate where needed, and make sure you stay under lookup limits while authorizing everything you use.
