en

SPF (Sender Policy Framework) is an email protection mechanism that specifies which servers are allowed to send mail on behalf of a domain. The list of these servers is published in DNS inside a special TXT record, so the recipient can verify the authenticity of the sender.

How SPF works

When a mail server receives a message, it looks at the sender's domain, requests its SPF record from DNS and compares the IP address of the sending server against the list of allowed ones. If the address is on the list, the message passes the check; if not, it lands in spam or is rejected. An example record: v=spf1 include:_spf.google.com ~all.

Why you need an SPF record

Without SPF, an attacker can forge the sender's address and send messages supposedly coming from your domain. SPF closes this hole:

  • Protection from spoofing — foreign servers will not pass the authenticity check.
  • Deliverability — messages with a correct SPF are less likely to end up in spam.
  • Part of a set — together with DKIM and DMARC (also TXT records) it forms complete email protection.

SPF is a simple but important step in protecting the reputation of a domain and its owner.

SPF: protecting email from spoofing
Learn more