SPF (Sender Policy Framework) is a DNS TXT record listing IPs and servers allowed to send mail on behalf of your domain. Without SPF, Gmail/Yandex.Mail/Mail.ru drop mail into spam. Minimum record: v=spf1 ip4:YOURIP -all. For Google Workspace: v=spf1 include:_spf.google.com ~all. Verify via the DNS checker.
Below: step-by-step, working examples, common pitfalls, FAQ.
Free online tool — DNS lookup tool: instant results, no signup.
@ (domain apex)v=spf1 include:provider1 include:provider2 -allcheck-auth@verifier.port25.com — receive an auto-report| Scenario | Config / Record |
|---|---|
| Google Workspace only | v=spf1 include:_spf.google.com ~all |
| Yandex360 only | v=spf1 redirect=_spf.yandex.net |
| Google + Mailchimp + own IP | v=spf1 ip4:203.0.113.10 include:_spf.google.com include:servers.mcsv.net ~all |
| Mailgun | v=spf1 include:mailgun.org ~all |
| Block all sending (parked domain) | v=spf1 -all |
+all instead of -all allows any source and defeats SPFTo set up an SPF record, create a TXT record in your DNS settings with the format v=spf1 include:example.com -all. Replace example.com with your domain or the domains of your email service providers. This record specifies which mail servers are permitted to send emails on behalf of your domain, enhancing email security and deliverability.
Sender Policy Framework (SPF) is an email authentication protocol designed to prevent spammers from sending messages on behalf of your domain. An SPF record is a type of DNS record that lists the IP addresses or hostnames of authorized mail servers for your domain. When an email is sent, the receiving mail server checks the SPF record to verify that the email comes from an authorized source.
SPF records are crucial for maintaining your domain's reputation and ensuring that your emails reach their intended recipients. Without a proper SPF record, your emails are more likely to be flagged as spam or rejected entirely. The SPF specification is defined in RFC 7208.
An SPF record typically consists of several components, including:
v=spf1.ip4: Specifies an IPv4 address or range.ip6: Specifies an IPv6 address or range.include: Allows the inclusion of another domain's SPF record.all: Matches any source, typically used at the end of the record.exp: for explanations.For example, a simple SPF record might look like this:
v=spf1 ip4:192.0.2.1 include:mail.example.com -allThis record indicates that emails from your domain can be sent from the IP address 192.0.2.1 and any server listed in mail.example.com.
Setting up an SPF record involves several steps, from accessing your DNS settings to verifying the configuration. Follow this detailed guide to ensure proper implementation:
@ for the root domain).TXT.v=spf1 ip4:192.0.2.1 include:mail.example.com -all).For example, if you're using Google Workspace for your email, your SPF record may look like this:
v=spf1 include:_spf.google.com ~allThis configuration allows Google’s servers to send emails on behalf of your domain while marking other sources as suspect.
DNS (Domain Name System) translates domain names into IP addresses. DNS records are instructions that define where to route traffic, email, and how to verify domainownership.
Query all record types — A, AAAA, MX, NS, TXT, CNAME, SOA — in a single request.
Direct queries to authoritative servers. Results in milliseconds, no caching.
SPF, DKIM, and DMARC analysis to evaluate email protection against spoofing and phishing.
Save check results. Compare DNS records before and after registrar changes.
DNS check after deploy
SPF/DKIM/DMARC audit
DNS config audit
DNS zone control
v=spf1 TXT record.DNS check history, API keys and DNS change monitoring.
Sign up free<code>~all</code> (softfail) marks mail as suspicious but may still deliver. <code>-all</code> (hardfail) rejects it. Start with <code>~all</code>, switch to <code>-all</code> after 1-2 clean weeks.
Yes — they are different mechanisms. SPF verifies the sender IP, DKIM signs content. DMARC requires at least one to align. Configure both.
Yes, as long as you do not exceed 10 total DNS lookups (including nested).
Via <a href="/en/dns">Enterno DNS Checker</a> — enter domain, pick TXT, view all TXT including SPF. Or: <code>dig TXT example.com</code>.
Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.