SPF
Sender Policy Framework
What is SPF?
SPF (Sender Policy Framework) is an email authentication method that helps prevent email spoofing. It works by allowing domain owners to specify which mail servers are authorized to send email on behalf of their domain.
SPF is published as a DNS TXT record that receiving mail servers can check when email arrives claiming to be from your domain.
How SPF Works
- Domain owner publishes SPF record - Lists authorized sending servers in DNS
- Sender sends email - Mail server connects to recipient's server
- Recipient checks SPF - Looks up the SPF record for the sender's domain (the envelope sender, MAIL FROM)
- Recipient verifies sender - Compares connecting IP to authorized list
- Result determined - Pass, fail, softfail, or neutral
Example SPF Record
A typical SPF record might look like:
v=spf1 include:_spf.google.com include:sendgrid.net -all
This record says:
- v=spf1 - This is an SPF record (version 1)
- include:_spf.google.com - Google Workspace is authorized
- include:sendgrid.net - SendGrid is authorized
- -all - Reject email from all other sources
Common SPF Mistakes
- Too many DNS lookups - SPF has a 10 DNS lookup limit
- Missing senders - Forgetting to add marketing platforms or CRM systems
- Using +all - This authorizes everyone and defeats the purpose
- Multiple SPF records - Only one SPF record per domain is allowed
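An offline check for three of the mistakes above (too many lookups, +all, multiple records), added here as an example and not taken from the original page. The domains and TXT strings in ZONE are constructed sample data, and spf_records, count_lookups and lint are names chosen for this example.

```python
import re

# Constructed sample data standing in for DNS TXT answers (reserved names).
ZONE = {
    "bad.example": [
        "v=spf1 include:_spf.a.example include:_spf.b.example a mx +all",
        "v=spf1 ip4:192.0.2.10 -all",  # second record: only one is allowed
    ],
    "good.example": ["v=spf1 include:_spf.a.example ip4:192.0.2.0/24 -all"],
    "_spf.a.example": ["v=spf1 include:_n1.a.example include:_n2.a.example "
                       "include:_n3.a.example ~all"],
    "_spf.b.example": ["v=spf1 a:mail.b.example mx exists:chk.b.example ptr ~all"],
    **{f"_n{i}.a.example": [f"v=spf1 ip4:198.51.100.{i} ~all"] for i in (1, 2, 3)},
}
# Terms that cost a DNS query and count toward the limit of 10 (RFC 7208).
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}
TERM = re.compile(r"([a-z0-9]+)([:=/].*)?$")

def spf_records(domain, zone):
    return [t for t in zone.get(domain, []) if t.lower().split()[:1] == ["v=spf1"]]

def count_lookups(domain, zone, seen=None):
    """Count querying terms, following include: and redirect= recursively."""
    seen = set() if seen is None else seen
    records = spf_records(domain, zone)
    if domain in seen or not records:
        return 0  # loop guard, or nothing published at this name
    seen.add(domain)
    total = 0
    for term in records[0].lower().split()[1:]:
        m = TERM.match(term.lstrip("+-~?"))  # drop the qualifier, if any
        name, rest = (m.group(1), m.group(2) or "") if m else ("", "")
        is_modifier = rest.startswith("=")
        if (name in LOOKUP_MECHS and not is_modifier) or (name == "redirect" and is_modifier):
            total += 1
            if name in ("include", "redirect"):
                total += count_lookups(rest[1:], zone, seen)
    return total

def lint(domain, zone):
    findings, records = [], spf_records(domain, zone)
    if len(records) > 1:
        findings.append("multiple-spf-records")
    if any(t in ("all", "+all") for r in records for t in r.lower().split()[1:]):
        findings.append("plus-all")  # bare "all" defaults to the + qualifier
    lookups = count_lookups(domain, zone)
    if lookups > 10:
        findings.append("too-many-lookups")
    return findings, lookups
```

The lookup count covers the whole include tree, which is why a record with only four terms of its own can still exceed the limit.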