What is SPF?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
When an email arrives at someone's inbox, the receiving server has to decide: is this message actually from who it claims to be from? SPF is one of the tools it uses to figure that out.
SPF (Sender Policy Framework) is a DNS record that lists which servers are allowed to send email on behalf of your domain. You publish it once in your DNS, and from that point on, receiving servers can check it whenever they get a message claiming to be from you.
Here's the practical version: someone tries to send an email with your domain in the "from" field. The receiving server looks up your DNS, finds your SPF record, and checks whether the sending server's IP is on your approved list. If it is, the message passes SPF. If it isn't, it fails.
An SPF failure doesn't automatically mean your email gets blocked. What happens next depends on your DMARC policy and the receiving server's own rules. But failing SPF is a mark against your message, especially when combined with other weak signals.
SPF works alongside DKIM and DMARC as part of the email authentication trio. SPF verifies the sending server. DKIM signs the message content. DMARC tells receivers what to do when either of those checks fail. You really do need all three.
If you're not sure whether your SPF record is set up correctly, you can check it in 30 seconds with our free SPF checker. No signup required.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.