What is SPF?
SPF stands for Sender Policy Framework.
When you receive an email, your email server should be checking the sending domain for an SPF record. The SPF record is stored in DNS and helps to determine if the location that the email came from is legitimate.
The SPF record lists all the places that a domain is allowed to send email from. This could be a website or a CRM system, as well as the main email server.
Here's a simple, clean example of an SPF record.
v=spf1 include:spf.sendinblue.com -all
The last part of the SPF record is important, as it tells the receiver what they ought to do with the email.
The most common settings are '-all' and '~all'.
- +all = Pass. Accept all email, even though it might not be from a legitimate source.
- -all = Fail. The sending server isn't allowed to send mail for this domain. Email should be rejected.
- ~all = Soft Fail. The sending server isn't allowed to send mail for this domain. It's up to you if you accept it or not.
- ?all = Neutral. The sending domain isn't saying either way if the sender is OK or not.
Below are some useful resources:
- Check an SPF record > https://www.spf-record.com/spf-lookup
- Generate your own SPF record > https://www.spf-record.com/generator
- A more detailed explanation about SPF > https://www.cloudflare.com/learning/dns/dns-records/dns-spf-record/
If your domain doesn't send email
Sometimes you might have a domain name that isn't used to send email. If this is the case you should use the following SPF record.
v=spf1 -all
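The following Python is an added example, not code from the original page: it reads the 'all' setting of an SPF record string, reports the result an unlisted sender would get, and flags the weak settings from the list above. The function names and the sample records marked as constructed are assumptions for illustration; it inspects the record text only and does no DNS lookup.

```python
# Added example: audit the 'all' mechanism of an SPF record string.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism) pairs."""
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: must start with v=spf1")
    parsed = []
    for term in terms[1:]:
        if "=" in term.split(":", 1)[0]:
            continue  # name=value modifier, not a mechanism; not evaluated here
        qualifier = "+"  # a mechanism with no prefix counts as '+'
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        parsed.append((qualifier, term.lower()))
    return parsed


def audit_spf(record):
    """Return the result for unlisted senders plus any findings."""
    mechanisms = parse_spf(record)
    findings, default = [], None
    for index, (qualifier, name) in enumerate(mechanisms):
        if name == "all":
            default = QUALIFIERS[qualifier]
            if index != len(mechanisms) - 1:
                findings.append("mechanisms after 'all' are never evaluated")
            break
    if default is None:
        findings.append("no 'all' mechanism: no default for unlisted senders")
    elif default == "pass":
        findings.append("+all lets any server pass SPF for this domain")
    elif default == "neutral":
        findings.append("?all makes no statement about unlisted senders")
    lists_senders = any(name != "all" for _, name in mechanisms)
    return {"default": default, "lists_senders": lists_senders,
            "findings": findings}


if __name__ == "__main__":
    samples = [
        "v=spf1 include:spf.sendinblue.com -all",   # from the page
        "v=spf1 -all",                              # from the page (no mail)
        "v=spf1 include:spf.sendinblue.com +all",   # constructed weak record
        "v=spf1 ip4:192.0.2.10 ~all",               # constructed sample
    ]
    for record in samples:
        print(record, "->", audit_spf(record))
```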