Over the last year or so we’ve had conversations with our users in which we’ve heard a need to make FreshBooks work with the SPF mail authentication protocol. SPF, or Sender Policy Framework, is a way to publish a list of what mail servers are permitted to originate mail for a domain. The idea behind SPF is that if a spammer or malicious person forges your domain (a joe-job), the recipients can detect that the messages were forged and reject the mail, saving you from having to receive all the bounces, complaints, and retribution that you’d otherwise get.
Since FreshBooks sends mail on our users’ behalf, from their domains, until now any FreshBooks users who wanted to use SPF have had to list our mail servers’ IP addresses in their list of allowed mail servers, or permit all mail servers to send mail. Neither of those situations are ideal, especially after last weekend’s server move, in which the address from which we send mail changed! And there’s always the chance that it could change again in future.
To address this problem, SPF allows you to include the contents of someone else’s record in your own with the include: directive, essentially saying “we trust this other organization’s list of mail servers”, and FreshBooks is now publishing an SPF record which you can include in your own.
To use it, add
to your SPF record (and remove any of a:server1.freshbooks.com, ip4:22.214.171.124, and ip4:126.96.36.199 that you might already have there.)
With that, you’ve told anyone checking your SPF record that you trust FreshBooks’ own list of our mail servers, which we’ll always keep up to date with all of the hosts from which your mail may originate, and your customers who check your SPF record will know that mail FreshBooks sends on your behalf is legitimate.
We hope this will make it easier to use SPF with FreshBooks!