What is SPF?
SPF stands for Sender Policy Framework. It's an email authentication protocol that is published in the DNS records of a sending domain.
It gives a list of IPs, mail servers, and sending applications that are authorized to use this domain to send emails. As this list is public, the receiving server will be able to compare it with the IP or sending application of the incoming email.
It allows:
The receiver to verify the authenticity of the sender, to avoid spam or scam like phishing or spoofing.
The sender to protect his domain from malicious and unauthorized activities that could affect its trustworthiness.
Why is it important?
As for any email authentication protocols, having SPF properly set improves the deliverability of emails sent from this domain. Indeed, some email servers can block the access to email with no SPF record published.
In the same way, your domain has less chances to be blacklisted or have a bad SpamAssassin grade if it has a SPF record published.
In a nutshell, having SPF properly setup will make your emails more secure while increasing your deliverability.
Example of SPF record
I own the domain "warmbox.ai" and I'm using Google Workspace to send emails, as well as Sendgrid for marketing purposes.
I will publish this SPF record in my DNS:
v=spf1 include:_spf.google.com include:sendgrid.net ~all
We can decompose this SPF record into 3 parts:
I. The version of the SPF protocol. It always stays the same.
v=spf1
II. The "list" of authorized applications and/or servers that can send emails with the domain "warmbox.ai".
include:_spf.google.com include:sendgrid.net
III. The mechanism used. Basically, it indicate what will happen if an email using the domain "warmbox.ai" is sent from an unauthorized sending application or IP.
~all
In that case, the email that doesn't pass the SPF test will be automatically sent in spam.
Find out how to set up SPF for your domain:
Set up SPF (General Guidance) | |
Set up SPF for Google Workspace | |
Set up SPF for Office365 |