Crawlsonar
Email

SPF (Sender Policy Framework)

A DNS record that lists which mail servers are allowed to send email using your domain, so receivers can spot forgeries.

In plain English

SPF is like a guest list at the door. When an email claiming to be from you arrives, the receiving mail server checks whether the server that sent it is on your published guest list. If it isn't, the message looks like an impersonation and is far more likely to be rejected or dumped in spam.

Since 2024, Gmail and Yahoo require SPF for anyone sending in bulk, so a correct record isn't optional if you want to reach the inbox.

How to fix / set it up

  1. List every service that sends mail for you (Google Workspace, Microsoft 365, your marketing tool, your server).
  2. Combine them into one record, e.g. v=spf1 include:_spf.google.com ip4:203.0.113.10 -all.
  3. Publish it as a TXT record on your domain and verify the lookup count stays under 10.

SPF CheckerSPF Generator

The technical detail

SPF is a single TXT record starting with v=spf1 and ending in an all mechanism: -all (hard fail — strongest), ~all (soft fail — good while testing), ?all (neutral), or +all (never use — authorises everyone).

Two rules break SPF: there must be exactly one v=spf1 record, and it must resolve within 10 DNS lookups. Prefer ip4:/ip6: (zero lookups) over lots of include:.

FAQ

Can I have two SPF records?

No — two v=spf1 records make SPF fail for all your mail. Merge them into one.

-all or ~all?

Use -all once you're sure every legitimate sender is listed; ~all while you're still testing.

Related

← All topics in the knowledge base