SPF
Stands for "Sender Policy Framework." SPF is a email authentication system designed to prevent email spoofing. It works by verifying that an email message is sent from an authorized IP address. SPF is commonly used alongside DKIM, another email verification technology, though they are not dependent on each other.
In order for SPF verification to take place, the sender policy framework must be configured on the outgoing mail server. This involves turning on SPF and creating SPF record. The SPF record includes one or more IP addresses that are authorized to send mail for a specific domain name. A website admin tool like cPanel will automatically generate an SPF record when the service is enabled in the control panel. Records can also be created manually. Below is an example of a valid SPF record with two IP addresses.
v=spf1 +a +mx +ip4:12.34.56.78 +ip4:12.34.56.79 ~all
The v variable at the beginning of the string is the version. a means "pass" if the IP address has an A record in the domain's zone file. mx means "pass" if the IP address is one of the MX hosts listed in the DNS The ip4 means "pass" if the IP address matches the corresponding IPv4 address. Finally, ~all means "soft fail" if the information cannot be verified.
The possible results of an SPF check are:
- Pass
- Fail
- SoftFail
- Neutral
- None
- TempError
- PermError
Generally, the only type of error that will cause a message to be rejected is a "Fail" response. PermError, TempError, and SoftFail may also cause a message to be rejected, depending on the receiving mail server's settings. In most cases, a message with a SoftFail response will still be delivered, but it may have a higher spam score than a message that passes the check. This might cause a mail client to label the message as junk. Emails that pass SPF verification are less likely to be marked as spam, increasing the deliverability of legitimate messages.
NOTE: Like DKIM, you can typically see the results of the SPF check by viewing the headers in an email message.
Test Your Knowledge