SPF – Sender Policy Framework

Search knowledge

Browse topics written especially to help answer common question.

Table of Contents

What is SPF?

SPF, or Sender Policy Framework, is a type of email authentication that defines which mail servers, or applications, are allowed to send from your domain.

Think of your domain as a new car. Before you hit the road, you need to have a valid insurance policy that covers every driver.

SPF compared to Insurance

Each time you have an additional driver, you need to update your insurance policy to include them.

SPF works the same way as your insurance. Every tool that sends emails from your domain MUST be included within your SPF record.

Be sure to update your SPF record every time you use a new tool to send emails.

Example of a SPF TXT Record

If your domain is company.com and you use G suite to send emails, then your SPF record would look like this:

If your domain is company.com and you use G suite and SendGrid to send emails, then your SPF record would look like this:

How does SPF work?

SPF is a DNS TXT record that is published within the DNS settings of your domain hosting provider such as GoDaddy or HostGator.

Every time you send an email, you need to get through your recipient’s spam filters and firewalls. You can think of this as going through a police checkpoint.

The police will first check your DNS settings to see if you have a valid SPF record (or insurance). If you do, then they check if you are authorized to be driving the vehicle on behalf of your domain.

If the email application you’re using is listed within your SPF record, then your email is properly authenticated. This will improve your overall deliverability.

SPF explained in 5 steps:

  1. You send an email FROM [email protected] using G suite TO [email protected].
  2. Company.com’s mail server will check the DNS records at mailgenius.com for a VALID SPF Record.
  3. If an SPF record EXISTS then Company.com will check to see if G suite (Google’s mail servers) are included in the Mailgenius.com SPF record.
  4. If Google is included in the MailGenius SPF record then SPF will PASS and the email is properly authenticated.
  5. If G suite is NOT included in the MailGenius.com SPF record or an SPF record is NOT published then SPF will FAIL and the email is not properly authenticated.

Why is SPF Important?

Approximately, 293 billion emails are sent every day. Mail servers are responsible for separating real emails from spam.

A valid SPF record will improve your deliverability while helping to prevent spammers from using your domain.

This is essential for maintaining a positive domain reputation and reducing the likelihood of your email going to the spam folder.

How does SPF affect email deliverability?

There are hundreds of factors that go into reaching the inbox. SPF is only one of them.

Every mailbox has different rules. Some may allow your emails to get delivered without SPF while others may reject your message.

Mail Server Rejection due to NO SPF Record:

Having an SPF record does not guarantee you will reach the inbox, but it will increase the probability of your email being delivered to your recipient.

Create an SPF record in 6 Steps

Setting up your SPF doesn’t have to be rocket science, but it can mean the difference between your email reaching the INBOX or being sent to SPAM.

What does the MailGenius testing tool cover with regards to SPF?

  • Too many lookups
  • No SPF record published
  • SPF Fail – Server IP not listed within SPF record

Caveats, things to watch out for

  • SPF does not offer any reporting options like DMARC which makes it harder to manage.
  • SPF uses the “envelope from” to determine the sending domain not the “From” header which is shown in most clients as the actual sender of the message.
  • SPF records have a limit of 10 lookups. You can avoid this lookup limit by using a SPF Flattening tool such as https://www.autospf.com which will convert your SPF record into IP addresses and help you manage it.
  • If your SPF record ends in ?all, it is equivalent to not having an SPF record published at all. We suggest updating your SPF record to use ~all instead.
  • Be careful when copying and pasting your SPF record into your DNS settings. We suggest pasting it onto a Google Doc “without formatting” first. Then, copy it  into your DNS settings to avoid potential formatting issues.

MailGenius Tips and Tricks

  • Update your SPF record every time you add or remove a tool that sends emails from your domain.
  • Remove any tools or applications that you are no longer using from your SPF record.
  • You can only have ONE valid SPF record. Having TWO records will cause SPF to FAIL.
  • Delete any TXT records that aren’t in use such as Google TXT verification records. We suggest using CNAME’s for validation instead.
  • If you’re stuck between using -all and ~all at the end of your SPF record, we suggest picking ~all.
  • When you forward an email, SPF will break. This occurs because the ‘forwarder’ becomes the new ‘sender’ of the message and may Fail SPF.

Additional Resources

  1. Explaining SPF – Postmark
  2. What is SPF & DKIM? – Woodpecker
  3. How to Explain SPF in Plain English – Return Path
  4. What SPF records should you publish – Word to the Wise
  5. Get Your Questions Answered by Real Email Experts – LearnEmail.com