Understanding SPF Records


Sender Policy Framework 


SPF, "Sender Policy Framework", is a mechanism used to fight spam email messages, by allowing domain owners to specify which sources of email should be considered a valid source of email for that domain name.  Mail server operators rely on SPF to decide whether an incoming mail message should be accepted or rejected based on its origin.

Through creating a DNS record, the SPF record for a domain name announces to receiving mail servers "these records are trusted sources of email from my organisation."  Thus, when sending email, you would want to create an SPF record for your domain name and have it be accurate in order to improve the deliverability of your mail messages.


Below would be considered a minimum requirement for an SPF record: 

TXT  " v=spf1 +a +mx ~all "

An SPF record is processed from left to right, so to understand what is happening here, there are a few common operators:

this operator permits the "A record" of the domain name to be a valid sender of this domain

mx this operator permits the "MX record" of the domain name to be a valid sender of this domain

all this operator, sometimes written as ~all or ?all advises the receiving mail server how to handle the request if mail comes from a source that is not specified in the SPF record

    ~all is SOFTFAIL (accept anything but apply further scrutiny to origins outside of specified)

    -all is FAIL (reject anything that isn't specified in the SPF)

    ?all is NEUTRAL (mail outside of the SPF record is not qualified as good or bad)

    +all is ALLOW ALL (anything can send mail on behalf of this domain, should never be used)

include specifies the inclusion of SPF records from a third party, such as google mail or a mail relaying service like MailChimp ( e.g. include:_spf.google.com ).  These records should be stipulated by the third party.



Things to Note

  • Using an SPF record doesn't guarantee mail delivery, just reduces your chances of being rejected or considered a spam sender

  • Incorrect or broken SPF records will lead to rejections, always validate records before applying them ( http://www.kitterman.com/spf/validate.html )

  • Some Mail servers require you to have an SPF record, some don't care at all.

  • cPanel servers have built in scripts for enabling SPF globally

  • You can use online tools such as https://mxtoolbox.com/SPFRecordGenerator.aspx to generate SPF records 




Have more questions? Submit a request