SPF: What It Is & How to Set Up Sender Policy Framework

SPF (Sender Policy Framework) is an email authentication protocol that allows domain owners to specify which mail servers are authorized to send emails on behalf of their domain. Receiving servers check SPF records to verify that incoming emails come from authorized sources.

Why SPF Matters

SPF helps prevent email spoofing, where attackers send emails pretending to be from your domain. Without SPF, anyone can forge your email address and send malicious emails that appear to come from you. SPF is essential for protecting your brand reputation and ensuring your legitimate emails reach recipients.

How SPF Works

When you send an email, the receiving server looks up your domain's SPF record in DNS. This record contains a list of IP addresses and servers authorized to send mail for your domain. If the sending server's IP matches the SPF record, the email passes SPF authentication. If not, it may be marked as suspicious or rejected.

SPF Best Practices

Include all IP addresses and services that send email for your domain

Use the ~all or -all mechanism to specify how to handle unauthorized senders

Keep your SPF record under the 10 DNS lookup limit

Update SPF records when adding new email services or ESPs

Combine SPF with DKIM and DMARC for complete authentication

Frequently Asked Questions

What is an SPF record?

An SPF record is a TXT record in your domain's DNS that lists all servers authorized to send email for your domain. It typically looks like: v=spf1 include:_spf.google.com ~all

What does SPF ~all vs -all mean?

~all (softfail) means unauthorized emails should be marked as suspicious but still delivered. -all (hardfail) means unauthorized emails should be rejected. Start with ~all and move to -all once you've confirmed all legitimate senders are included.

SPF

Every email term you need to master email marketing and email deliverability, explained clearly and simply.

Definition