Adding KnowBe4 to Your Sender Policy Framework (SPF) Record

How to Add KnowBe4's Mail Servers to Your SPF Record

Sender Policy Framework (SPF) is a method of validation which was created to detect email spoofing. It is a process which verifies whether a particular sender is permitted to send emails on your behalf. Adding KnowBe4 to your SPF records will allow us to send our simulated phishing emails on your behalf and will reduce the likelihood that those emails will be marked as spam or phishing.

For example, If you're sending an email from KnowBe4 and your domain is CyberSecurity.com, you can create an SPF record that authorizes KnowBe4's mail servers as allowed mail servers for the CyberSecurity.com domain.

Adding the below information to your domain's SPF record will allow all of KnowBe4's mail servers to send email on your behalf:

• include:_spf.psm.knowbe4.com

Example of SPF records with a soft fail (with Google Workspace (formerly G Suite) as the mail server):

v=spf1 include:_spf.google.com include:_spf.psm.knowbe4.com ~all

What if I am at my 10 DNS lookup limit on my SPF records?

If you are at your DNS lookup limit you will need to add our IP addresses to your SPF record. For a list of our IP addresses, please see this article.

Example of SPF records with a soft fail on the U.S. KnowBe4 server (with Google Workspace as the mail server):

v=spf1 include:_spf.google.com ip4:23.21.109.197 ip4:23.21.109.212 ip4:147.160.167.0/26 ~all

After you update your SPF records, we recommend sending a test phishing email to yourself (which spoofs your domain) after you update these records.