
What is SPF in Email? Here’s the Short Answer

Published on
June 6, 2025
Post by
Mike Shamsuddin

SPF lets you decide what email servers can send through your domain.

If an email claims to come from your domain but its sending server is not in your SPF record, it will fail authentication.

SPF helps prevent cybercriminals from pretending to send emails from your domain.

So, what is SPF in email? It’s a method to protect your domain from cybercriminals trying to spoof your sender address.

What Does SPF Stand for in Email?

SPF is short for Sender Policy Framework.

It’s a response to the rampant spam of the early 2000s when spammers would impersonate trusted domains to get into inboxes.

Since you can authorize email servers to send from your domain through SPF, emails from all other servers will fail authentication.

You can implement SPF by adding a DNS TXT record to your domain’s DNS records. Receiving email servers can check this record when authenticating incoming email.

How Does SPF Work?

  1. The domain owner adds an SPF record to their domain’s DNS records.
  2. When an email is received that appears to be sent from this domain, receiving servers can check the SPF record to determine whether the sending server is authorized to send emails on behalf of the domain.
  3. If the sending server or IP is found in the record, the email is delivered normally.
  4. If the sending server is not in the SPF record, the email fails authentication and could be sent to spam or not delivered at all.

How Does SPF Stop Spoofing?

SPF doesn’t completely stop spoofing but helps prevent it by letting you decide what servers can send on your domain’s behalf.

It makes it harder for cybercriminals to abuse your domain to launch phishing attacks and other scams.

If you authorize Office 365 to send from your domain, but the scammers use Google Workspace’s sending servers, the emails will fail authentication.

Foolproof? No. But it’s a good step toward more secure emails, especially when you combine SPF with other email authentication protocols like DKIM and DMARC.

Why You Need SPF

SPF isn’t just a security issue. It’s also a return-on-investment issue.

You see, even the best-ever cold email campaign can’t save you if you don’t reach your prospects’ inboxes. Without SPF, it’s highly unlikely your prospects will ever read your email.

In fact, if you’re a high-volume sender, your emails may get automatically rejected if you don’t have SPF and other email authentication methods set up.

Bottom line: Setting up SPF is no longer optional.

SPF Use Case Example

Emma runs cold outreach campaigns for her B2B SaaS company.

To actually have a chance of converting prospects, she needs them to see her emails first.

She’s using the email outreach tool Woodpecker to manage her campaigns but has her Google Workspace account connected to it to actually send the cold emails.

Since it’s Google’s servers sending the emails, she needs to authorize their servers to send through her domain. (She’s not sending from Gmail addresses, of course, but using her own domain instead. She only uses Google’s mail servers to send from her domain.)

So our friend Emma adds Google’s SPF record to her domain’s DNS records. Once the record is propagated fully, she’s one step closer to her audience’s inbox.

SPF Record Example

To show what an SPF record looks like, let’s create one in real time.

Use Mailivery’s free SPF Record Generator below. Simply pick the service(s) you use to send emails and click Generate SPF Record:

If you picked Google Workspace and Office 365 as your email providers, your record will look like this:

v=spf1 include:_spf.google.com include:spf.protection.outlook.com ~all

Looks complicated? It’s actually quite simple.

An SPF record is built upon several mechanisms:

  • The v mechanism holds the SPF version. Until another version comes into widespread use, this is always: v=spf1.
  • The include mechanism holds the sending server you want to authorize. In the example above, you can see there are multiple include mechanisms. That’s because we need to authorize multiple servers, and you cannot have multiple SPF records. Having multiple SPF records will cause complications during the authentication process. Sometimes the sending server is identified by an IP address instead of a domain. When that happens, we use the ip4 or ip6 mechanisms instead of include.
  • The all mechanism defines the policy for emails that fail authentication. The most used settings are: -all (hard fail, and strictest policy) and ~all (soft fail, and a good setting to use during testing). -all rejects emails that fail authentication, and ~all marks them as suspicious but lets them pass. The all mechanism isn’t the only decision maker regarding what happens to emails that fail authentication. Server configuration and your DMARC record’s policy settings have the final say.
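
The check a receiving server runs in the steps under "How Does SPF Work?", using the v, include, ip4/ip6 and all terms just described, as an added Python example (not Mailivery's code). DNS is replaced by an in-memory dict of constructed records; the domains and addresses are documentation-range samples, and only the terms named on this page are handled.

```python
import ipaddress

# Constructed TXT data standing in for DNS; domains and addresses are
# documentation-range samples, not real provider records.
ZONE = {
    "example.com": ["v=spf1 include:_spf.mailhost.example ip4:203.0.113.7 ~all"],
    "_spf.mailhost.example": ["v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/32 -all"],
    "twice.example": ["v=spf1 ip4:192.0.2.1 -all", "v=spf1 ~all"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(ip, domain, zone=ZONE, budget=None):
    """Evaluate ip against domain's SPF record; returns an SPF result string."""
    budget = [10] if budget is None else budget  # RFC 7208 caps DNS-querying terms at 10
    records = [t for t in zone.get(domain, []) if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1:  # multiple SPF records on one domain: permanent error
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qual = "+"  # a mechanism with no qualifier means pass on match
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":  # always matches, so its qualifier is the default policy
            return QUALIFIERS[qual]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qual]
        elif name == "include":
            budget[0] -= 1
            if budget[0] < 0:
                return "permerror"
            inner = check_spf(ip, arg, zone, budget)
            if inner == "pass":  # include matches only when the inner check passes
                return QUALIFIERS[qual]
            if inner in ("none", "permerror"):
                return "permerror"
        else:
            raise NotImplementedError(f"term not covered by this example: {term}")
    return "neutral"  # no mechanism matched and the record has no 'all'
```

A failed include does not end the evaluation: the outer record keeps going, which is why an address outside the included ranges can still pass on a later ip4 term or fall through to the all policy.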

Ready to Set Up Your SPF Record? Here’s How

Convinced you can’t do cold email outreach without SPF?

Good. You’ve just improved your chances of reaching the inbox.

Now, let’s get your domain’s SPF record set up.

Follow this step-by-step guide: how to set up an SPF record.
