Learn · email signature glossary

SPF

TL;DR

SPF (Sender Policy Framework) is a DNS TXT record in which a domain lists the mail servers and IP addresses authorized to send email on its behalf.

SPF stands for Sender Policy Framework. It is a DNS TXT record on your domain that lists which servers and IP addresses are allowed to send email for that domain. When a message arrives, the receiving server looks up the SPF record of the domain in the message's return path and checks whether the connecting server's IP is on the list. A typical record looks like 'v=spf1 include:_spf.google.com ~all', which authorizes Google's mail servers and soft-fails everything else.

Re: In practice

Why it matters

Without SPF, any server on the internet can claim to send mail for your domain and many receivers will hesitate to junk it. With SPF, forgeries from unauthorized servers fail a concrete, checkable test, and your legitimate mail earns a reputation signal that helps it reach the inbox. Two limits are worth understanding. First, SPF checks the hidden return-path domain, not the From address a recipient sees, so on its own it does not stop From spoofing; that is DMARC's job. Second, an SPF record allows at most ten DNS lookups, so companies stacking Google Workspace, a marketing platform, and a CRM can hit the cap and silently break authentication. Every service that sends as your domain must be in the record, and the record needs pruning when tools are dropped.

Ready to create your email signature?

Free generator, no account required. Works in Gmail, Outlook, and Apple Mail.

Try Free Generator