SPF Record

What is Sender Policy Framework (SPF)?

Sender Policy Framework (SPF) is an email authentication method targeted to define spam by validating the sender's IP address. Domain owners are free to determine precisely who is allowed to use their domain’s name to send emails by creating a list of authorized IP addresses in the Domain Name System (DNS). To apply the SPF method, one needs to create an SPF record.

What is an SPF record?

An SPF record is a TXT record added to the organization’s DNS database. To create an SPF record, one should use special syntax, which consists of mechanisms, qualifiers, and modifiers. To define what each of the coding elements means, use the tables below:

SPF record mechanisms
SPF record qualifiers
SPF record modifiers

SPF records should always begin with "v=spf1 ..." and be written in one string.

Here is an SPF record example:

cience.com TXT "v=spf1 include: google.com ~all” Going from left to right, this record states that all the emails sent from cience.com domain should be authorized through SPF (v=spf1). The google.com domain is authorized to send emails on behalf of the cience.com domain (include:). All other domains claiming to send emails on cience.com behalf are questionable and most probably should fail the SPF test, but the result is not definitive (~all).

How does an SPF record work?

In simple words, SPF record tells servers which IP addresses (hosts) are authorized by the domain administrators and are allowed to send emails on their behalf. Thus, when an incoming email arrives, claiming to be from a certain domain, the SPF record defines if the sender of this email has the domain owner's approval to use their name. Then, the server makes a decision to either move this email to the recipient’s inbox or mark it as spam.

Here is short step-by-step guidance of how this process is happening:

How does an SPF record work?

How does applying an SPF record influence email deliverability?

The main benefit of applying SPF email authentication is that it increases the domain’s trustworthiness, which is a crucial factor for those companies whose revenue depends on email deliverability. Having an SPF record also decreases the chances of email spoofing by spammers and phishers pretending to be from a particular domain. This is happening because, with SPF, ISP filters are more likely to catch the forged email and move it to the spam folder right away, which makes SPF protected domains unattractive for scammers.

As most major email providers use the SPF email authentication method, each domain needs to apply it too, even if they are not sending emails at all (SPF also allows to deny any communication made on your domain’s behalf).