SPF

SPF is a DNS record that contains information about what servers are allowed to send email for a domain.

When an email server receives an email, it can look up the SPF record for the sender domain in DNS. If an SPF record exists, the email server uses the contents of the record to determine if the email was actually sent from an legitimate sender.

Anatomy of an SPF record

A SPF record is a DNS record of type TXT. The value is the interesting part and it in a simple form it can look like this:

v=spf1 include:spf.mtasv.net ?all

This record will authorize the ESP, Postmark, to deliver emails for our domain (that's the spf.mtasv.net part).

A more complex example could be the following, which is explain in details below:

v=spf1 mx a ptr ip4:1.2.3.4/32 a:substancelab.com include:servers.mcsv.net ~all
v=spf1 mx a ptr ip4:1.2.3.4/32 a:substancelab.com include:servers.mcsv.net ~all
The version of the SPF record. For now only version 1 exists. Servers who are also in the domains MX record are allowed to send email for this domain. The server in the domains A record is allowed to send email for this domain. If present all subdomains of the domain are allowed to send email for the domain. These IP addresses and IP address ranges are allowed to send email. Domains listed here are allowed to send emails for this domain. This adds another SPF record to yours. It is commonly used when using third party services to deliver email. In this example we allow MailChimps servers to deliver emails for our doman. How strict should recipient servers be when a sender doesn't match.

Tools