Glossary

SPF

Definition: Sender Policy Framework — a DNS-based email authentication method that specifies which mail servers are authorised to send email for a domain.

SPF (Sender Policy Framework) is an email authentication standard stored as a DNS TXT record. It lists the IP addresses and mail servers authorised to send email on behalf of your domain. Receiving mail servers check the SPF record to verify that incoming email claiming to be from your domain actually came from an authorised source.

How SPF Works

  1. You send an email from [email protected] via Google Workspace.
  2. The recipient's mail server receives the email and checks the SPF record for example.com.
  3. The SPF record includes Google's mail servers: v=spf1 include:_spf.google.com ~all.
  4. Google's servers are on the approved list → SPF passes → email is more likely to reach the inbox.

SPF Record Syntax

v=spf1 include:_spf.google.com include:sendgrid.net ip4:203.0.113.1 -all
  • v=spf1 — SPF version identifier
  • include: — Authorises another domain's SPF record
  • ip4: / ip6: — Directly authorises specific IP addresses
  • ~all — Soft fail: unauthorised servers are marked suspicious but not rejected
  • -all — Hard fail: unauthorised servers are rejected outright

Common SPF Mistakes

  • Multiple SPF records — Only one SPF TXT record is allowed per domain. Multiple records cause authentication failure.
  • Exceeding 10 DNS lookups — SPF limits include directives to 10 DNS lookups. Exceeding this causes a PermError.
  • Missing email sending services — If you use a third-party service (Mailchimp, SendGrid), add it to your SPF.
Free Tools