4. SPF: How exactly does it protect your mail?

What is SPF?

SPF (Sender Policy Framework) is an email authentication mechanism that helps fight spoofing (forging the sender’s address). Every email message is sent by some mail server on behalf of some sender, and every mail server has an IP address. If a message is sent on behalf of, for example, info@example.com, then the recipient’s mail server (for example, Gmail) will check whether this particular mail server is allowed to send on behalf of the domain example.com. To do this, it checks the SPF policy for the domain example.com. In other words, SPF ultimately comes down to a list of IP addresses of mail servers that are allowed to send on behalf of the domain.

This policy itself is published in DNS for the root domain as a TXT record. Example value: v=spf1 a mx include:sender-solutions.com ~all

The value begins with the protocol version; in this example it is v=spf1. Then comes a list of allowed and forbidden mechanisms, which eventually resolve to IP addresses. Mechanisms are separated by spaces. A mechanism may be preceded by one of the symbols + (allow), - (strictly deny), or ~ (softly deny: send to spam). If no symbol is specified, + is implied.

In the example above, sending emails on behalf of the domain is allowed for:

  • a - allows all IP addresses that the domain’s A record points to (that is, where the website is hosted)
  • mx - allows all IP addresses listed as mail servers for this domain
  • include:sender-solutions.com - allows all IP addresses defined by the domain sender-solutions.com; such mechanisms are added when using mailing services
  • ~all - softly denies all other IPs
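The evaluation a receiving server performs on the example record, as an added sketch that is not part of the original article or of sender-solutions.com's own code. The DNS table, the IP addresses and the contents of the sender-solutions.com record are constructed; the ip4 mechanism and the ? qualifier are standard SPF but are not covered on this page.

```python
import ipaddress

# Constructed DNS data (documentation address ranges), standing in for real lookups.
DNS = {
    "TXT": {"example.com": "v=spf1 a mx include:sender-solutions.com ~all",
            "sender-solutions.com": "v=spf1 ip4:198.51.100.0/24 -all"},  # assumed contents
    "A": {"example.com": ["192.0.2.10"], "mail.example.com": ["192.0.2.25"]},
    "MX": {"example.com": ["mail.example.com"]},
}
# "?" (neutral) is part of SPF but not discussed on this page.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record):
    """Split a record into (qualifier, mechanism, argument) triples."""
    version, *terms = record.split()
    if version != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms:
        qualifier, body = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = body.partition(":")
        parsed.append((qualifier, name, arg))
    return parsed

def check_spf(ip, domain, depth=0):
    """Evaluate mechanisms left to right; the first match decides the result."""
    if depth > 10:  # guard against include loops
        return "permerror"
    record = DNS["TXT"].get(domain)
    if record is None:  # the domain publishes no policy
        return "none"
    addr = ipaddress.ip_address(ip)
    for qualifier, name, arg in parse_spf(record):
        target = arg or domain
        if name == "all":
            matched = True
        elif name == "a":
            matched = ip in DNS["A"].get(target, [])
        elif name == "mx":
            matched = any(ip in DNS["A"].get(h, []) for h in DNS["MX"].get(target, []))
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg)
        elif name == "include":  # matches only if the included policy passes
            matched = check_spf(ip, arg, depth + 1) == "pass"
        else:
            continue  # mechanisms and modifiers outside this example
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"
```

Note that the -all inside the included record does not reject the message by itself: a non-matching include simply falls through to the next mechanism of example.com, here ~all.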

On the domain editing page in the sender-solutions.com dashboard, you will see information about the current SPF record. If your domain does not yet have a record, you will find instructions on which record we recommend adding.

Related sections: DMARC and DKIM