SPF Record Explained: What It Is and Why You Need It

SPF is one of the three email authentication methods that stop your emails from going to spam. Without it, anyone could send emails pretending to be you.

What Is an SPF Record?

SPF stands for Sender Policy Framework. It's a DNS record that lists all the servers allowed to send emails on behalf of your domain.

Think of it like a guest list at a party. When someone shows up claiming to be from your company, the email provider checks the SPF record to see if they're on the list. If they're not, the email looks suspicious.

What an SPF Record Looks Like

Here's an example SPF record for a company using Google Workspace and Mailchimp:

v=spf1 include:_spf.google.com include:servers.mcsv.net ~all

Let's break this down:

  • v=spf1 - This identifies it as an SPF record
  • include:_spf.google.com - Allows Google Workspace to send emails
  • include:servers.mcsv.net - Allows Mailchimp to send emails
  • ~all - Soft fail for anything not listed (emails may go to spam)

What Happens Without an SPF Record

Without an SPF record, email providers have no way to verify if an email really came from your domain. This causes several problems:

  • Your emails go to spam - Email providers treat unverified emails as suspicious
  • Spammers can impersonate you - Anyone can send emails that appear to come from your domain
  • Your domain reputation suffers - If spammers abuse your domain, it gets blacklisted
  • DMARC won't work - DMARC relies on SPF (and DKIM) to function

Common SPF Problems

1. Missing SPF Record

The most common problem is simply not having an SPF record at all. Many domain owners don't know they need one.

2. Incomplete SPF Record

You might have an SPF record for Google Workspace but forgot to add Mailchimp or SendGrid. Every service that sends emails for you needs to be included.

3. Too Many DNS Lookups

SPF has a limit of 10 DNS lookups. If you use many email services, you might exceed this limit. When this happens, SPF fails completely.

4. Multiple SPF Records

You can only have ONE SPF record per domain. If you have two, both are invalid. This often happens when someone adds a new service without updating the existing record.

5. Using -all Instead of ~all

-all (hard fail) tells email providers to reject any email not on the list. This is strict and can cause problems if your SPF isn't perfect. Most experts recommend ~all (soft fail) instead.

How to Fix Your SPF Record

Fixing your SPF record involves three steps:

  1. List all services that send emails for you - This includes your email provider (Google Workspace, Microsoft 365), marketing tools (Mailchimp, SendGrid), and any other services.
  2. Create or update your SPF record - Combine all the "include" statements into a single SPF record.
  3. Add it to your DNS - Add the SPF record as a TXT record in your domain's DNS settings.

Check Your SPF Record

Find out if your SPF record is set up correctly. Free scan in 10 seconds.

Related Articles