SPF: Sender Policy Framework
What is SPF?
SPF stands for "Sender Policy Framework" and is an email authentication method designed to prevent email spoofing and phishing attacks.
SPF works by allowing domain owners to specify which mail servers are authorised to send emails on behalf of their domain. This is done through a special DNS record (TXT record) that lists the IP addresses or hostnames of servers that are permitted to send emails from that domain.
When an email is received, the receiving mail server (like Gmail or Outlook) checks the SPF record of the sender's domain to verify that the email actually came from an authorised server.
If the email comes from an unauthorised server, it can be rejected or marked as suspicious.
SPF is one of the three main email authentication standards, alongside DKIM and DMARC, that work together to improve email deliverability and security.
Example
If your company uses a fictitious platform called Example to send marketing emails, you would add an SPF record to your domain's DNS that includes Example's mail servers.
The SPF record might look like this:
v=spf1 include:_spf.example.com ~all
Explanation of Each Part
v=spf1
specifies the SPF version (always starts this way).
include:_spf.example.com
allows Example's mail servers to send email for your domain.
~all
a soft fail for anything not explicitly allowed. Messages from unauthorised servers are accepted but marked as suspicious (often go to spam).
This tells receiving mail servers that emails from your domain are authorised to come from Example's servers, and any other source should be treated with suspicion.