How to add Static IP Address to Domain SPF Records

To add a static IP address to your domain's SPF record, you must 

update the DNS settings with your domain's registrar or hosting provider. The general process involves editing the existing SPF record to include your new IP address using the ip4 or ip6 mechanism. 

Prerequisites

1. The static IP address or IP range you want to authorize.
2. Access to your domain's DNS management settings (usually through your domain registrar or web host).
3. Your existing SPF record (if one is already configured). 

Step 1: Log in to your DNS provider

Go to your domain registrar or hosting provider's website and log in to your account. This is where your DNS records are managed. 

Step 2: Navigate to your DNS settings

Find the section for managing your domain's DNS records. This is often labeled "DNS Management," "Zone Editor," or "Advanced DNS." 

Step 3: Locate your SPF record

Look for an existing DNS record of type TXT. The SPF record will start with v=spf1. Crucially, your domain should only have one SPF record. If you have more than one, you must merge them before adding the new IP address.

1. Existing record example: v=spf1 include:_spf.google.com ~all 

Step 4: Add the IP address to the record

Edit the TXT record to include your new static IP address. The syntax depends on whether you have an IPv4 or IPv6 address. You can place the new IP address anywhere before the final ~all or -all tag. 

For a single IPv4 address

Use the ip4: mechanism, followed by your IP address.

1. Original: v=spf1 include:_spf.google.com ~all
2. Updated: v=spf1 ip4:203.0.113.123 include:_spf.google.com ~all 

For an IPv4 address range (CIDR format)

If you need to authorize a range of addresses, use the CIDR notation.

1. Original: v=spf1 include:_spf.google.com ~all
2. Updated: v=spf1 ip4:203.0.113.0/24 include:_spf.google.com ~all 

For a single IPv6 address

Use the ip6: mechanism, followed by your IPv6 address.

1. Original: v=spf1 include:_spf.google.com ~all
2. Updated: v=spf1 ip6:2001:db8:1234::1 include:_spf.google.com ~all 

Step 5: Save your changes

After updating the TXT record with the correct syntax, save your changes. 

Step 6: Wait for DNS propagation

It may take some time for your changes to propagate across the internet. This can range from a few minutes to several hours, depending on your DNS provider and the Time To Live (TTL) setting for your record. 

Important considerations

1. Verify your syntax: A single mistake in your SPF record can cause email delivery problems. You can use an online SPF record checker, such as the one from MxToolbox, to validate your record before and after making changes.
2. Stay under the 10 lookup limit: Every include: or mx: mechanism in your SPF record counts as a DNS lookup. The SPF standard recommends keeping the total number of lookups under 10. Exceeding this can cause receiving mail servers to fail the SPF check.
3. Know your enforcement level: The tag at the end of your SPF record determines how strict it is:
4. -all (hard fail): Rejects any emails from unauthorized senders. Use this for maximum security.
5. ~all (soft fail): Accepts emails from unauthorized senders but marks them as suspicious. Use this when you are still testing your SPF record.
6. Use DMARC for comprehensive protection: SPF alone is not enough to prevent all email spoofing. You should also implement DMARC, a protocol that provides more robust email authentication and reporting.