An SPF record is a DNS TXT record that tells receiving mail systems which hosts are authorized to send mail for a domain. SPF stands for Sender Policy Framework.
The practical question is usually how to publish a correct sender policy without creating delivery problems later.
Quick answer
An SPF record:
- lives in DNS as a TXT record
- lists allowed sender sources
- helps receivers evaluate whether the sending host is authorized
- works best when combined with DKIM and DMARC
It is a sender-authorization control, not a complete anti-spoofing system by itself.
Where an SPF record is published
SPF is normally published on the sending domain as a TXT record.
Example:
This record says:
- declares SPF
- pulls in provider policy
- tells receivers other senders should fail
How SPF evaluation works
The simplified flow:
- Receiver reads the envelope sender domain.
- Receiver looks up the domain's SPF TXT record.
- Receiver evaluates mechanisms in order.
- Receiver returns a result such as
,, or.
That result then gets combined with other trust signals such as DKIM, DMARC, content, and reputation.
SPF syntax that matters most
Common mechanisms:
- and for specific IP ranges
- and for host-based authorization
- for external provider policies
Common qualifiers:
- hard fail
- soft fail
- neutral
Most teams understand the syntax quickly. The operational problem is usually whether the record still matches reality.
SPF record examples
Simple example
Mixed provider example
Why examples are not enough
You should never copy a record just because it looks familiar. The correct SPF record depends on your actual sender inventory, domains, subdomains, and routing design.
What SPF does not do
SPF does not:
- prove message integrity
- protect the visible From domain on its own
- guarantee inbox placement
That is why SPF should always be evaluated with:
SPF record limits that break production setups
Too many DNS lookups
Heavy chains can exceed practical lookup limits and cause .
Multiple SPF records
Publishing more than one SPF record for the same domain is a common mistake and can make the policy invalid.
Stale provider includes
An old sender remains in the record long after it stopped sending.
Missing real senders
A new provider or subdomain started sending mail, but the SPF policy was not updated.
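The first two limits above, multiple SPF records and too many DNS lookups, can be checked before a record is published. The following is an added example, not code from the original page or from MailSlurp: it lints a policy against a constructed in-memory zone instead of live DNS. All domain names are placeholders, and the limit of 10 DNS-querying terms is taken from RFC 7208 section 4.6.4.

```python
import re

LOOKUP_LIMIT = 10  # RFC 7208 section 4.6.4
# Terms that make the receiver issue DNS queries while evaluating the policy.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

# Constructed TXT data standing in for DNS; every name is a placeholder.
ZONE = {
    "example.com": [
        "v=spf1 mx include:_spf.mail.example include:_spf.crm.example -all",
        "site-verification=constructed-placeholder",
    ],
    "_spf.mail.example": ["v=spf1 ip4:192.0.2.0/24 include:_spf.relay.example ~all"],
    "_spf.relay.example": ["v=spf1 a:out.relay.example ip6:2001:db8::/32 ~all"],
    "_spf.crm.example": ["v=spf1 ip4:198.51.100.0/24 ~all"],
    "dup.example": ["v=spf1 mx -all", "v=spf1 include:_spf.crm.example ~all"],
}

def spf_records(domain, zone):
    """TXT strings at `domain` that are SPF records (other TXT data is ignored)."""
    return [t for t in zone.get(domain, []) if t.lower().split(" ")[0] == "v=spf1"]

def count_lookups(domain, zone, path=()):
    """Worst-case count of DNS-querying terms, following include and redirect."""
    if domain in path:
        raise ValueError(f"include loop at {domain}")
    records = spf_records(domain, zone)
    if len(records) != 1:
        raise ValueError(f"{domain}: expected exactly one SPF record, found {len(records)}")
    total = 0
    for term in records[0].split()[1:]:
        term = term.lstrip("+-~?")  # the qualifier does not affect lookup cost
        name = re.split(r"[:/=]", term, maxsplit=1)[0].lower()
        if name in LOOKUP_TERMS:
            total += 1
        if name in ("include", "redirect"):
            total += count_lookups(term[len(name) + 1:], zone, path + (domain,))
    return total

def lint(domain, zone):
    """Return a list of findings; an empty list means both checks passed."""
    try:
        n = count_lookups(domain, zone)
    except ValueError as exc:
        return [str(exc)]
    if n > LOOKUP_LIMIT:
        return [f"{domain}: {n} DNS-querying terms exceeds limit of {LOOKUP_LIMIT}"]
    return []

if __name__ == "__main__":
    for d in ("example.com", "dup.example"):
        print(d, lint(d, ZONE) or "ok")
```

The count is a worst case: a receiver stops at the first matching mechanism, so a given message may trigger fewer queries than the total reported here.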
SPF troubleshooting table
| Problem | Likely cause | Fastest check |
|---|---|---|
| after provider rollout | Missing include or IP | Compare sender inventory with record |
| | Too many lookups or syntax issue | Validate policy structure |
| SPF pass but DMARC fail | Alignment issue | Check From-domain strategy |
| Inconsistent results across systems | Different sender paths or forwarding | Compare headers and routes |
Safe SPF maintenance workflow
Use this sequence when editing sender policy:
- inventory all real senders
- draft the updated record
- validate syntax with an SPF checker
- publish during a controlled change window
- test real messages
- confirm DMARC and DKIM still behave as expected
Treat SPF as living infrastructure, not a one-time DNS task.
SPF and forwarding
Forwarding can complicate SPF because the envelope path can change after the original send. That is one reason DKIM often becomes the more stable source of DMARC alignment in forwarded mail paths.
This does not make SPF less important. It just means teams should not expect SPF alone to solve every delivery or spoofing scenario.
Use MailSlurp for SPF work
MailSlurp supports SPF troubleshooting with SPF checker, SPF record generator, and Email header analyzer when DNS and real-message evidence need to be compared together. Create a free account at app.mailslurp.com if you want SPF checks tied to the rest of your email release process.
FAQ
What is an SPF record in simple terms?
It is the DNS policy that tells receivers which servers are allowed to send mail for a domain.
Can I have multiple SPF records?
No. A domain should publish one SPF policy record.
Is or better?
That depends on rollout maturity. is stronger, but teams often start more permissively while validating sender coverage.
Does SPF improve deliverability?
Yes, as part of a broader authentication stack. On its own it is not enough.
Final take
An SPF record is one of the foundational controls in modern email delivery. The teams that get the most value from SPF are the ones that keep sender inventory current, respect lookup limits, and validate SPF together with DKIM and DMARC.