How to Add KnowBe4's Mail Servers to Your SPF Record
Sender Policy Framework (SPF) is a method of validation which was created to detect email spoofing. It is a process which verifies whether a particular sender is permitted to send emails on your behalf. Adding KnowBe4 to your SPF records will allow us to send our simulated phishing emails on your behalf and will reduce the likelihood that those emails will be marked as spam or phishing.
For example, If you're sending an email from KnowBe4 and your domain is CyberSecurity.com, you can create an SPF record that authorizes KnowBe4's mail servers as allowed mail servers for the CyberSecurity.com domain.
Before getting started, you will first need to disable your return path header in Account Settings. For more information on how to do that, see this article on our Knowledge Base.
Adding the below information to your domain's SPF record will allow all of KnowBe4's mail servers to send email on your behalf:
Example of SPF records with a soft fail (with GSuite as the mail server):
v=spf1 include:_spf.google.com include:_phishspf.knowbe4.com ~all
What if I am at my 10 DNS lookup limit on my SPF records?
If you are at your DNS lookup limit you will need to add our IP addresses to your SPF record. For a list of our IP addresses, please see this article.
Example of SPF records with a soft fail on the U.S. KnowBe4 server (with GSuite as the mail server):
v=spf1 include:_spf.google.com ip4:18.104.22.168 ip4:22.214.171.124 ip4:126.96.36.199/24 ~all
After you update your SPF records, we recommend sending a test phishing email to yourself (which spoofs your domain) after you update these records.