What is SPF?

What is SPF?

SPF stands for Sender Policy Framework. It is one of the three foundational email authentication standards (along with DKIM and DMARC).

An SPF record is a DNS TXT record that tells the world which IP addresses and servers are allowed to send email using your domain. Receiving servers check this record when they receive a message claiming to come from you.

SPF Record Syntax

A typical SPF record looks like this:

v=spf1 include:_spf.google.com include:mailprovider.example.net ~all

• v=spf1 — SPF version (always spf1)
• include: — Authorizes another domain (commonly used for email service providers)
• ip4: / ip6: — Directly authorizes specific IP addresses
• a / mx — Authorizes your domain’s A or MX records
• ~all — Soft fail (recommended starting point). -all = hard fail, ?all = neutral

Common SPF Mistakes

• Having more than one SPF record. A domain can have only one SPF record. Multiple records cause a permerror.
• Too many DNS lookups. SPF evaluation is limited to 10 DNS lookups. Too many include: statements can exceed this limit.
• Using -all too early. Start with ~all (soft fail) and only switch to hard fail after monitoring DMARC reports.

For a complete, step-by-step setup guide including DKIM and DMARC, see the Email Authentication Guide.