An SPF record (Sender Policy Framework record) is a type of DNS (Domain Name System) record that helps prevent email spoofing. It tells email servers which IP addresses or domains are authorized to send emails on behalf of your domain. It helps prevent email spoofing by allowing receiving servers to verify that an incoming email comes from an approved source.
SPF helps:
Prevent spammers from forging emails that appear to come from your domain.
Improve email deliverability by helping receiving servers verify legitimate senders.
Protect your domain's reputation.
When an email is received, the receiving mail server:
Looks up the domain’s SPF record in DNS.
Checks the IP address of the sender against the IPs listed in the SPF record.
Decides whether to accept, flag, or reject the email based on the result.
It’s a TXT record in your DNS. Here's an example:
v=spf1 ip4:192.0.2.1 include:_spf.google.com -all
This means:
v=spf1 – It's an SPF version 1 record.
ip4:192.0.2.1 – This IP is allowed to send mail for the domain.
include:_spf.google.com – Also include Google’s SPF record (e.g., if using Google Workspace).
all – Reject all other senders not listed.
+ (Pass – default): Allow.
- (Fail): Do not allow.
~ (SoftFail): Mark as suspicious.
? (Neutral): No policy.
Reduces Spam: By verifying sender authenticity, SPF helps filter out fraudulent emails.
Improves Deliverability: Properly configured SPF records make legitimate emails less likely to be marked as spam.
Enhances Security: It prevents unauthorized use of the domain, safeguarding its trustworthiness.
In short, an SPF record is a simple and effective tool to improve email security by ensuring only approved servers can send emails on behalf of a domain.