Sender Policy Framework, SPF is used to validate domains from which the e-mail was sent. SPF determines the IP addresses that have authority to send and receive e-mail messages. It also protects users from spammers that manage to forge domains.

In order to create a new SPF record on your DNS, create a new TXT record.

  • Use your domain name as a subdomain name. For example,
  • As a record name, use v=spf1 a mx ~all

In this example, “v=spf1” determines the current SPF version, “a” allows to accept messages from the node that uses the address as the one listed in the A-record of the domain, and “mx” allows to accept emails if the sender is listed in of the mx-records for the domain. The line ends with «~all» — showing that all emails that do not pass this verification will be marked as spam.

These are all the options you can use:

  • “v=spf1” – determines the version of SPF;
  • “+” – tells the server to accept the mail (Pass). Checked on by default.;
  • “-” – tells the server to deny the mail (Fail);
  • “~” – tells the server to accept the mail, but mark it as spam (SoftFail);
  • “?” – tells the server to disable SPF completely;
  • “mx” – includes the list of servers listed in the domains MX-records;
  • “ip4” – allows to pinpoint n address or a network of addresses allowed to send messages from the domain;
  • “a” – determines how to act when receiving the mail from them ;
  • “include” – lists the hostnames that have access;
  • “all” – all other servers that are not listed yet;
  • “ptr” – checks the PTR-record of the sender’s IP address.;
  • “exists” – checks whether or not the domain resolves to any IP-address.
  • “redirect” – redirects the SPF record check to another domain;

Using these options, you can create relatively complex SPF records. For example: “v=spf1 mx ip4: ~all”