🔒How to Set a Global SPF Record for All Domains in DirectAdmin (Existing & New Accounts)

by

When running a mail server or hosting multiple domains on DirectAdmin, setting a proper SPF (Sender Policy Framework) record is crucial for improving email deliverability and preventing spoofing.

In this guide, you’ll learn how to set the following SPF record globally — for both existing domains and all newly created accounts:

v=spf1 a mx ip4:<span style="color:red;">YOUR.IP.ADDRESS.1</span> ip6:<span style="color:red;">YOUR:IPV6:ADDRESS</span> ip4:<span style="color:red;">YOUR.IP.ADDRESS.2</span> ip4:<span style="color:red;">YOUR.IP.ADDRESS.3</span> ip4:<span style="color:red;">YOUR.IP.ADDRESS.4</span> include:spf-c.mailbaby.net ~all

📝 Replace all YOUR.IP.ADDRESS.* and YOUR:IPV6:ADDRESS placeholders with your actual sending IP addresses.

✅ Step 1: Apply SPF to All Existing Domains

To add or update this SPF record in all current domain zone files:

  1. Login via SSH as root.
  2. Run the following script:
cd /var/named
for zone in *.db; do
  domain=$(basename "$zone" .db)
  if ! grep -q "v=spf1" "$zone"; then
    echo "\"${domain}.\" 14400 IN TXT \\\"v=spf1 a mx ip4:YOUR.IP.ADDRESS.1 ip6:YOUR:IPV6:ADDRESS ip4:YOUR.IP.ADDRESS.2 ip4:YOUR.IP.ADDRESS.3 ip4:YOUR.IP.ADDRESS.4 include:spf-c.mailbaby.net ~all\\\"" >> "$zone"
  else
    sed -i "/v=spf1/c\\\"${domain}.\" 14400 IN TXT \\\"v=spf1 a mx ip4:YOUR.IP.ADDRESS.1 ip6:YOUR:IPV6:ADDRESS ip4:YOUR.IP.ADDRESS.2 ip4:YOUR.IP.ADDRESS.3 ip4:YOUR.IP.ADDRESS.4 include:spf-c.mailbaby.net ~all\\\"" "$zone"
  fi
done

Then restart DNS:

service named restart

✅ Step 2: Add SPF Record to All Future Domains

Edit the DirectAdmin DNS template file:

nano /usr/local/directadmin/data/templates/dns_txt.conf

Add this line at the bottom:

|DOMAIN|. 14400 IN TXT "v=spf1 a mx ip4:YOUR.IP.ADDRESS.1 ip6:YOUR:IPV6:ADDRESS ip4:YOUR.IP.ADDRESS.2 ip4:YOUR.IP.ADDRESS.3 ip4:YOUR.IP.ADDRESS.4 include:spf-c.mailbaby.net ~all"

Then rewrite templates for all users:

cd /usr/local/directadmin/scripts
./dnsrewrite.sh all

🔍 Step 3: Test Your SPF Record

After applying the record, test using:

dig TXT yourdomain.com +short

⚠️ Final Tips

  • Make sure only one SPF record exists per domain.
  • Verify all IPs are legit and sending email.
  • For full protection, also configure DKIM and DMARC.

By automating your SPF record setup across DirectAdmin, you secure and standardize email delivery for all your domains — both current and future.