Last updated: July 2026

In short: After this guide your domain hosted at one.com has a correct SPF record. Receiving mail servers can then identify authorized one.com servers — and reject forged senders spoofing your domain.

Prerequisites

  • A one.com subscription with an active domain
  • Access to your one.com Control Panel

What is SPF?

SPF (Sender Policy Framework) is a TXT record in your domain’s DNS. As one.com explains in their official documentation: SPF (Sender Policy Framework) prevents spammers from using an email address on your domain as their sender address, known as email spoofing. Receiving servers look up this record on incoming messages and verify whether the delivering server is listed. Without SPF, your legitimate messages risk landing in spam folders or being rejected entirely.

For context: SPF alone is not a complete defense. Only together with DKIM and DMARC does it form a comprehensive email security baseline. However, SPF is the easiest and most critical starting point.

The starting point at one.com

When using one.com for email hosting, you create the required record inside your DNS settings. The canonical SPF record for one.com is:

v=spf1 include:_custspf.one.com ~all

The include target _custspf.one.com resolves dynamically to one.com’s sending IP ranges (v=spf1 ip4:195.47.247.0/24 ip4:193.202.110.0/24).

Step-by-step guide

1. Check whether SPF is already active

Fastest via the terminal:

dig TXT example.com +short | grep spf1

If a record starting with v=spf1 returns, SPF is already active. Alternatively, audit your domain with the free MXAudit scanner — it verifies syntax and monitors your lookup count simultaneously.

2. Open DNS settings in your Control Panel

Follow one.com’s navigation path: Log into your one.com Control Panel and click DNS settings on the Advanced settings tile.

3. Create the TXT record for SPF

In the DNS settings interface: Under create new record, click TXT.

Configure the TXT record fields as follows:

  • Hostname: Leave empty (so the record applies to your root domain)
  • Value / Text:
    v=spf1 include:_custspf.one.com ~all
  • TTL: Keep the default setting

Click Save to apply your new record.

4. Add additional senders (if needed)

If you send email through external platforms (such as newsletter tools, CRM services, or e-commerce engines), their servers must be authorized within the exact same record. Add the required include value immediately before the ~all mechanism (for example, include:spf.newsletter-service.com).

Important: You must only publish a single SPF record per domain. Two separate TXT records containing v=spf1 cause a permerror — leading receiving servers to disregard your SPF policy entirely.

5. Wait for propagation

DNS updates require time to propagate globally across nameservers. As one.com notes: it takes up to 90 minutes before your change is active.

The components in detail

ComponentMeaning
v=spf1Version identifier; must always stand at the beginning of the record
include:_custspf.one.comAuthorizes one.com mail servers (v=spf1 ip4:195.47.247.0/24 ip4:193.202.110.0/24); consumes exactly one DNS lookup
~allSoftfail: Unlisted servers are treated as suspicious, though messages are typically still accepted during evaluation

Verify the result

Once propagation completes, verify your setup using the free MXAudit scanner — it immediately confirms valid syntax and checks whether you remain below the 10-lookup limit.

You can also check directly via terminal:

dig TXT example.com +short | grep spf1

The terminal output must display exactly one record starting with v=spf1.

Common mistakes

Two SPF records. Creating a new TXT record while keeping an old SPF entry triggers a permerror. Always merge all sending mechanisms into a single v=spf1 string.

Outdated or incorrect includes. When hosting email at one.com, always use the canonical include target include:_custspf.one.com.

Exceeding the DNS lookup limit. SPF specifications enforce a strict limit of 10 DNS lookups per evaluation. The one.com include uses one lookup. If you authorize multiple third-party tools, monitor your total lookup expenditure closely (MXAudit calculates lookups automatically).

Further reading