SPF: Sender Policy Framework for Email Authentication
Sender Policy Framework (SPF) is a DNS record that lists which mail servers are allowed to send email for your domain.
Receiving mail servers check SPF by comparing the sender’s IP address to your domain’s SPF record. SPF helps reduce spoofing, but it works best together with DKIM and DMARC. A correct SPF record is critical when you use multiple providers like Google Workspace, Mailchimp, or your hosting SMTP.
Example
Typical SPF for a domain sending via Google Workspace plus a dedicated SMTP:
v=spf1 include:_spf.google.com ip4:203.0.113.10 ~allFrequently Asked Questions
In DNS, as a TXT record on the root domain (example.com). Some DNS panels also offer an SPF-specific UI, but it still publishes TXT.
~all is soft fail, it suggests the server is not authorized. -all is hard fail, it explicitly rejects unauthorized senders. Use -all only when you are confident all senders are included.
Multiple SPF TXT records on the same domain can cause SPF evaluation to fail. You should have one SPF record that includes all your senders.
SPF evaluation has a limit on DNS lookups. Too many include and redirect mechanisms can exceed the limit and cause SPF to fail. This is common with stacked email tools.
Not directly. SPF authenticates the envelope sender domain used during mail transfer. DMARC alignment is what ties SPF results to the visible From domain.
Add that provider’s recommended SPF include or IP mechanism into your single existing SPF record, then re-test deliverability and authentication.
Growth driven by data. Don’t let a high Bounce Rate or Black Hat SEO penalties hold your business back. Our Digital Marketing strategies focus on sustainable growth, lead generation, and maximizing your ROI through transparent, data-backed campaigns.