glossary.categories.securityAcronym

SPF

Sender Policy Framework

An email authentication method that specifies which servers can send email for a domain.

Definition

Sender Policy Framework (SPF) is an email authentication standard that allows domain owners to specify which mail servers are authorized to send email on behalf of their domain. Receiving mail servers check SPF records (published as DNS TXT records) to verify that incoming mail claiming to be from a domain comes from an authorized server, helping prevent email spoofing.

Examples

SPF Record Example

A typical SPF DNS record with common mechanisms.

; SPF DNS Record (TXT)
example.com. IN TXT "v=spf1 ip4:192.0.2.0/24 include:_spf.google.com include:sendgrid.net -all"

; Mechanisms:
; v=spf1       - SPF version
; ip4:         - Authorized IPv4 addresses
; include:     - Include another domain's SPF
; a            - Domain's A records are authorized
; mx           - Domain's MX records are authorized
; -all         - Reject all others (hard fail)
; ~all         - Soft fail (accept but mark)
; ?all         - Neutral (no policy)

Use Cases

Email authentication

Preventing domain spoofing

Improving email deliverability

Compliance with email security standards

Best Practices

List all legitimate sending sources
Use include: for third-party services
End with -all for strict enforcement
Keep SPF records under 10 DNS lookups
Monitor for SPF failures in DMARC reports

FAQ

Related Terms

DMARC

An email authentication protocol that protects against phishing and spoofing.

SPF is part of DMARC authentication

DKIM

An email authentication method that uses cryptographic signatures to verify message integrity.

Complementary email authentication

DNS

Domain Name System - translates human-readable domain names to IP addresses.

SPF records are DNS TXT records

Put SPF Knowledge Into Practice

Start monitoring your infrastructure with WizStatus.

Get started for free Browse More Terms

No credit card required • 20 free monitors forever