Sender Policy Framework
When an email server receives an email, it can look up the SPF record for the sender domain in DNS. If an SPF record exists, the email server uses the contents of the record to determine if the email was actually sent from an legitimate sender.
When you set up a new service provider they'll often give you a short snippet, like the one above, that you need to copy/paste to your DNS.
Anatomy of an SPF record
A SPF record is a DNS record of type
TXT. The value is the interesting part and it in a simple form it can look like this:
v=spf1 include:spf.mtasv.net ?all
This record will authorize the ESP, Postmark, to deliver emails for our domain (that's the
A more complex example could be the following, which is explain in details below:
v=spf1 mx a ptr ip4:188.8.131.52/32 a:substancelab.com include:servers.mcsv.net ~all
|The version of the SPF record. For now only version 1 exists.||Servers who are also in the domains MX record are allowed to send email for this domain.||The server in the domains A record is allowed to send email for this domain.||If present all subdomains of the domain are allowed to send email for the domain.||These IP addresses and IP address ranges are allowed to send email.||Domains listed here are allowed to send emails for this domain.||This adds another SPF record to yours. It is commonly used when using third party services to deliver email. In this example we allow MailChimps servers to deliver emails for our doman.||How strict should recipient servers be when a sender doesn't match.|
- How to set up DMARC on Mailerlite
- How to add a SPF record to your domain
- How to setup SPF on Campaign Monitor
- How to Verify a Sending Domain on Convertkit
- SPF Wizard: Point and click wizard to create or update an SPF record.
- SPF Policy Tester: Tool to verify if specific IP addresses pass your SPF policy.