Sophos Email Security SPF Setup

SPF (Sender Policy Framework) is an email authentication protocol that helps prevent unauthorized servers from sending emails on behalf of your domain. By configuring an SPF record, you improve email deliverability and protect your domain from spoofing.

Sophos is a cybersecurity company that offers cloud-based email security and filtering solutions, including Sophos Email, which processes and delivers your organization’s email through their infrastructure.

This guide will walk you through the steps to configure SPF for your domain when using Sophos to secure your email traffic.

Sophos SPF Requirements

Sohpos provides multiple SPF records, please pick the SPF record for the region where your Sophos Email Security instance is hosted.

Region	Type	Value
United States (West)	TXT	`_spf_uswest2.prod.hydra.sophos.com`
United States (East)	TXT	`_spf_useast2.prod.hydra.sophos.com`
Germany	TXT	`_spf_eucentral1.prod.hydra.sophos.com`
Ireland	TXT	`_spf_euwest1.prod.hydra.sophos.com`
Canada	TXT	`_spf.eml100yul.ctr.sophos.com`
Australia	TXT	`_spf.eml100syd.ctr.sophos.com`
Japan	TXT	`_spf.eml100hnd.ctr.sophos.com`
India	TXT	`_spf.eml100bom.ctr.sophos.com`
Brazil	TXT	`_spf.eml100gru.ctr.sophos.com`

Note: In this example we will use the SPF record from United States (West). If you’re already using Sendmarc for SPF management, simply copy ‘include:_spf_uswest2.prod.hydra.sophos.com‘ and follow the steps here.

To authorize Sophos to send emails on your domain’s behalf:

Log in to your domain’s DNS dashboard.
Go to the page where you can update the DNS settings on that domain.
Check if a TXT record starting with v=spf1 already exists.

- If it exists, modify the existing record to include Sophos (details in the table below).
- If not, create a new TXT record.

Example of an updated SPF record:

Host	Type	Value
@ or blank	TXT	v=spf1 include:another.net `include:_spf_uswest2.prod.hydra.sophos.com ~all`

Example of a new SPF record:

Host	Type	Value
@ or blank	TXT	`v=spf1 include:_spf_uswest2.prod.hydra.sophos.com ~all`

Save your changes in the DNS control panel.

Allow up to 48 hours for DNS propagation, depending on your DNS host.

How to update your SPF settings using Sendmarc

For detailed instructions on how to update your SPF record through Sendmarc, refer to the Sendmarc SPF Setup Documentation.

Sophos’s Documentation

Refer to Sophos’s official documentation for SPF setup here.

Looking for DKIM Settings?

Find out how to configure your Sophos DKIM settings here.