SPF records are used by mail exchanges to verify which hosts are allowed to send mail for that domain. It is used to validate a
sender’s identity and can help mitigate spam.
SPF records are configured using a
. There are some providers that allow you to configure it through an SPF record, but it has since been deprecated.
We recommend that you always store your SPF record information in a TXT record. If you insist on using an SPF record, make sure
you also have an identical TXT record.
All SPF records begin with a
string. This tells us which SPF version is being used.
string is followed by a series of mechanisms that will indicate different user-defined rules. The following rules indicate who
can send mail for the domain:
The sender’s domain must have an A or AAAA record that can be resolved to the sender's address.
The domain must have an MX (Mail Exchange) record that resolves to the sender's address.
AKA: the mail must come from one of the domain’s incoming mail servers.
The sender’s IP address must match (one of) the IP address listed in the SPF record.
The domain must resolve to an address. Rarely used.
This will authorize ALL subdomains and hostnames of your domain to be able to send mail. This mechanism has been deprecated and
should not be used.
All mechanisms, or each one individually, can be combined with a qualifier. Qualifiers dictate how mail exchanges should handle
for a PASS result
for a NEUTRAL result interpreted like NONE (no policy).
for SOFTFAIL, a debugging aid between NEUTRAL and FAIL. Typically, messages that return a SOFTFAIL are accepted but tagged.
for FAIL, the mail should be rejected