What is SPF?

SPF (Sender Policy Framework) is a DNS-based email authentication method that specifies which mail servers are authorized to send email on behalf of your domain.

Check your domain's SPF record:

Free SPF Checker →

How SPF Works

When a mail server receives an email, it looks up the sending domain's SPF record in DNS. The SPF record contains a list of IP addresses and servers authorized to send email for that domain. If the sending server's IP matches the SPF record, the message passes SPF authentication.

SPF Record Syntax

v=spf1 include:_spf.google.com include:spf.protection.outlook.com ip4:203.0.113.50 -all

This record authorizes Google Workspace, Microsoft 365, and a specific IP address to send email for the domain. The -all at the end means all other sources should be rejected.

Common SPF Qualifiers

+all — Pass (allow all — not recommended)
~all — Soft fail (mark as suspicious but deliver)
-all — Hard fail (reject unauthorized senders — recommended)
?all — Neutral (no policy)

SPF Limitations

SPF has a 10-DNS-lookup limit. Exceeding this causes SPF to fail. SPF also only validates the envelope sender (not the visible "From" header), which is why DMARC alignment is essential — it ties SPF results to the domain in the From header.

Monitor your SPF and DMARC together

Get Started Free

Your domain is being tested right now.
Are you watching?

Protect your brand and improve deliverability — automatically, with continuous monitoring and alerts.

Start Free — No Credit Card View Pricing →