What is SPF?

SPF stands for "Sender Policy Framework," and it's like a digital address book for emails. Imagine when someone sends you an email, SPF helps your email provider check if it's coming from the right place. It's kind of like when you get a letter in the mail, and you check the return address to make sure it's from someone you know and trust. SPF helps prevent spammers from pretending to send emails from places they shouldn't. So, it's like an extra layer of security to make sure the emails you receive are actually from who they say they're from.


SPF, or Sender Policy Framework, is an email authentication protocol that helps prevent email spoofing and phishing attacks. It works by allowing domain owners to specify which mail servers are authorized to send emails on behalf of their domain. This is achieved by publishing SPF records in the Domain Name System (DNS), containing a list of authorized IP addresses or hostnames for sending emails from that domain.

When an email is received, the recipient's email server checks the SPF record of the sender's domain to verify if the sending server is authorized to send emails on behalf of that domain. If the sending server's IP address matches one listed in the SPF record, the email is considered authenticated. If not, it may be flagged as spam or rejected altogether, depending on the recipient's SPF policy.

Overall, SPF provides a mechanism for domain owners to define and enforce policies regarding email sending, enhancing email security by ensuring that incoming emails are legitimately sent from authorized servers.

Examples of SPF DNS records

Allow specific IP addresses to send emails for the domain

example.com. IN TXT "v=spf1 ip4: ip6:2001:db8::/32 -all"

Allow specific hostnames to send emails for the domain

example.com. IN TXT "v=spf1 a mx include:spf.example.net -all"

Allow specific IP addresses, hostnames, and include mechanisms

example.com. IN TXT "v=spf1 ip4: a mx include:_spf.google.com -all"

These records specify the SPF policy for the domain "example.com." The "v=spf1" part indicates the SPF version and policy. The subsequent mechanisms define which IP addresses, hostnames, or other SPF records are authorized to send emails for the domain. The "-all" part specifies a strict policy, indicating that emails not matching the specified criteria should be rejected. These records are typically published in the DNS (Domain Name System) settings of the domain.

Follow my DIY Guide if you want to learn How to set up a Bulk Mail System that is capable of sending an unlimited number of emails, using IP rotation, and more.