SPF (Sender Policy Framework) is an email authentication standard that lets a domain owner publish a list of servers authorized to send mail on its behalf. Receiving servers check this list before delivering, which dramatically reduces spoofing and improves deliverability.
How SPF works
SPF is published as a TXT record in your DNS. When a mail server receives a message claiming to come from your domain, it queries your SPF record and checks whether the connecting server’s IP is allowed. If yes, the message is authenticated; if no, it can be marked as suspicious or rejected.
SPF, DKIM and DMARC: how they fit together
| Standard | What it verifies | Where it lives |
|---|---|---|
| SPF | Which IPs can send for the domain | DNS TXT record |
| DKIM | Cryptographic signature on each message | DNS TXT record + email header |
| DMARC | Policy when SPF/DKIM fail | DNS TXT record |
Sample SPF record for Mailpro
If you only send through Mailpro, your record looks like:
v=spf1 include:_spf.mailpro.com -all
The -all tells receivers to reject any other source. Use ~all (soft fail) while testing. See our step-by-step guide on how to configure SPF with Mailpro and DNS & SPF configuration.
Common SPF mistakes
Multiple SPF records on the same domain (only one is allowed), too many DNS lookups (the limit is 10), missing third-party senders such as your CRM or ticketing tool. Validate your record with our SPF tools page.