Setting SPF Record

SPF allows one to specify which SMTP servers can send emails on behalf of a domain. The SPF record is defined as a DNS TXT record and specifies the list of allowed senders for the domain.

"v=spf1 a ip4:134.209.224.112 include:_spf.mx.cloudflare.net include:_spf.google.com ~all"

• v=spf1 specifies that this TXT record is indeed an SPF record.
• a include the IP addresses of the domain, as returned by the A or AAAA records. This is required to let your own server send emails.
• ip4:134.209.224.112 allows a specific server by IP address to send emails. You can also use netmasks (ie /20) to allow ranges.
• include:_spf.mx.cloudflare.net allows Cloudflare Email Routing to forward emails for your domain.
• include:_spf.google.com allow sending emails via Google Workspace/Gmail.
• ~all This marks every other server not listed so far as insecure/spam, but the email will be accepted. This can be replaced by -all which would tell the recipient to reject emails from unauthorized servers.

References

• SPF RFC 7208
• https://developers.cloudflare.com/email-routing/postmaster/
• https://support.google.com/a/answer/10685031?hl=en