What is “Received-SPF”?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
You're looking at email headers and you see a Received-SPF header sitting alongside (or instead of) the Authentication-Results header. They're related, but they're not the same thing.
Received-SPF is an older format for recording SPF check results. It predates the consolidated Authentication-Results format and is still widely generated by many mail servers. A typical example looks like this:
Received-SPF: pass (google.com: domain of newsletter@mail.example.com
designates 192.0.2.1 as permitted sender)
client-ip=192.0.2.1;
envelope-from="newsletter@mail.example.com";
helo=mta.example.com
Reading the parts: the first word after the colon is the result (pass, fail, softfail, neutral, or none). The parenthetical explains which server did the check and what it concluded. client-ip is the IP address that was checked. envelope-from is the Return-Path domain that the check was run against, which is often different from the visible From address. helo is the hostname the sending server announced itself as.
If you see a softfail here, it means the IP isn't authorized but the domain hasn't set a hard failure policy. A fail means it's definitely unauthorized. Either way, the fix is usually to update your SPF record to include the sending IP or service. You can validate your current SPF record with our free SPF Checker.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.