Help article

Sender Policy Framework (SPF): What is SPF?

Illustration of servers with spf checks

Sender Policy Framework (SPF) is an email authentication protocol designed to authorize which mail server providers can send emails on behalf of a domain. SPF authenticates the “from” address of an email, discerning whether the email was sent from an authorized source. SPF is helpful in preventing email spoofing, phishing, and the unauthorized usage of a domain.

How does SPF work?

SPF works by setting up SPF records on a domain’s DNS records that contain a list of authorized mail servers that can send emails on the domain's behalf.

When an email is sent by a domain, the receiving mail server will check the SPF record of the domain to ensure that the sending server has been authorized to send emails on their behalf. If the SPF record check passes, the email is considered valid and continues to deliver the email. If the SPF record check fails, the email is considered to be from an unauthorized source, and the message is flagged and treated as suspicious or rejected.

For example, if you want to authorize Google and Microsoft as trusted mailing servers, your SPF record may look something like this:

Example of SPF record

v=spf1

Tells the server the version of the SPF record and that the SPF record exists.

include:_spf.google.com include:spf.protection.outlook.com

Lists the authorized mail servers that can send emails on behalf of the domain. In this example, Google and Microsoft are authorized to send emails on behalf of the domain.

~all

Indicates that if the sending server is not listed in the SPF record, the email should be accepted but treated as suspicious. This is a soft fail qualifier.

Recommendation: for domains that do not send emails, use the following SPF record: v=spf1 -all

This will ensure that no IP addresses or domains are authorized sources for this domain. All emails should be rejected. This will protect your domain from spoofing attacks.

Setting up SPF with EmailGuard

Checkout our email authentication tools for user-friendly processes to help set up SPF records for your domains.

SPF Lookup

1. If you are unsure about your SPF setup, use our SPF Lookup tool to verify SPF records for your domain.

SPF record lookup screenshot from EmailGuard

SPF Generator Wizard

2. The SPF Generator Wizard can assist in generating SPF records for your domain for popular email providers that you use. (i.e., Google, Microsoft, Mailchimp, etc.)

SPF record generator wizard screenshot from EmailGuard

SPF Raw Generator

3. The SPF Raw Generator tool allows you to generate raw SPF records for your domains.

SPF record raw generator tool screenshot from EmailGuard

Why are SPF records important?

SPF records are an important layer of email security. It lets the receiving server know if the email sent came from an authorized source. It adds legitimacy to emails sent on behalf of your domain.

SPF records protect your domain from being spoofed. By adding an SPF record to your domain, you reduce the risk of spam filters blacklisting your domain. Many Internet Service Providers (ISPs) check for your SPF record to ensure emails are sent from an authorized source listed in your SPF record. If your SPF record is not configured correctly, your emails can be rejected or land in spam. This negatively impacts your email deliverability. By validating the source of your emails, your emails are more likely to be delivered.

SPF records improve email deliverability and keep you compliant with best practices. A missing or incorrectly configured SPF record can result in a failed SPF check and stop your emails from being delivered. These factors can harm your domain's reputation and result in a loss of business.

It is always better to have an SPF record, as it helps build trust with your customers and protects your domain reputation. The intent of sending an email is to land in your recipient's inbox. By using email authentication tools, you are increasing your chances of landing in the inbox and improving your email deliverability. It is important to note that SPF is one layer of email security. Ensure your emails are authenticated and secure with SPF, DKIM, and DMARC records. Use our DMARC monitoring tool to get valuable insights into the overall health of your email ecosystem.

Everything you need to power up your email game in one place.

Start now for free. No credit card required.