Common SPF Record Examples To Enhance Your Domain's Email Deliverability And Security

Ensuring effective email deliverability and bolstering security are two critical priorities for businesses today. One major factor in both is the implementation of Sender Policy Framework (SPF) records, which can help reduce spam, phishing, and spoofing while ensuring legitimate emails are more reliably delivered. This article explores common SPF record examples to help you understand how to set up and customize SPF records to protect your domain.


What is an SPF Record?


Sender Policy Framework (SPF) is a kind of DNS record that identifies the mail servers permitted to send emails for a specific domain. Through SPF, domain administrators can enumerate all IP addresses, domains, or subdomains that are allowed to dispatch emails on their behalf. When an email server gets a message, it consults the SPF record to ensure that the sender has permission to utilize that domain. This mechanism helps block unauthorized senders or spoofers from masquerading as your domain and improves the chances of your emails being delivered by verifying their legitimacy.



How SPF Records Work


When a recipient’s mail server receives an email, it uses the SPF record to verify whether the email originated from an authorized sender. Here’s a step-by-step breakdown:


  • The email server retrieves the SPF record from the DNS for the sender’s domain.

  • It compares the sender's IP address against the IP addresses and domains listed in the SPF record.

  • Based on the results, it accepts, rejects, or flags the email, depending on whether the sender matches the SPF record and on the action the record specifies for senders that do not match.

Benefits of Implementing SPF Records


SPF records act as a safeguard against email spoofing, phishing, and various other email-related threats. Additionally, they enhance the chances of legitimate emails reaching their destination without being flagged as spam. When an SPF record is established, recipient servers are more inclined to recognize and trust messages originating from your domain.


SPF Record Syntax Explained


To create an SPF record, you need to define its syntax, which contains several elements. Here’s a quick overview:


  • v=spf1: Specifies the version of SPF being used.

  • ip4 or ip6: Defines the authorized IP addresses in either IPv4 or IPv6 format.

  • include: Adds other domains allowed to send emails on behalf of your domain.

  • all: Used at the end of the SPF record, specifying the action to take if a sender’s IP does not match.

Let’s move on to some common examples of SPF records.


Common SPF Record Examples


Example 1: Basic SPF Record

A basic SPF record allows only specific IP addresses to send emails on behalf of a domain. For instance:

v=spf1 ip4:203.0.113.1 -all

In this example:


  • v=spf1 defines the SPF version.

  • ip4:203.0.113.1 specifies the IP address authorized to send email.

  • -all indicates that any IP address not listed should be rejected.

This basic SPF record is useful for small businesses or personal domains using a single mail server.


Example 2: SPF Record with Multiple IPs

If you use more than one mail server to send emails, you can include multiple IP addresses in your SPF record:

v=spf1 ip4:203.0.113.1 ip4:203.0.113.2 -all

This example authorizes two IP addresses. By adding multiple IPs, you can ensure all your mail servers are permitted to send emails, reducing the risk of legitimate emails being rejected.



Example 3: SPF Record with an "Include" Mechanism

When using third-party services like Gmail or Mailchimp to send emails, you need to "include" those services in your SPF record:

v=spf1 include:_spf.google.com -all

In this example:


  • include:_spf.google.com allows Google servers to send emails on behalf of your domain.

  • The -all directive tells servers to reject any emails from other sources.

The "include" mechanism is essential for businesses that rely on external email services.


Example 4: SPF Record with Soft Fail (~all)

Instead of a strict fail (-all), you might use a "soft fail" (~all) if you want to allow emails from unknown sources but mark them as suspicious:

v=spf1 ip4:203.0.113.1 ~all

In this context, ~all indicates that emails originating from unauthorized IP addresses are flagged as possibly fraudulent rather than being completely blocked. This approach is beneficial for testing purposes or in situations where there is doubt regarding the legitimacy of all approved sending sources.
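
The check a receiving server performs against records like the four above can be sketched in a few lines of Python. This is an added example, not code from the original article: it handles only the ip4, ip6, include and all terms covered here, and it reads records from a constructed table instead of querying DNS. The domains example.com, soft.example and _spf.mailer.example are hypothetical.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups; no real DNS is queried.
# _spf.mailer.example is a hypothetical third-party sender (assumption).
RECORDS = {
    "example.com": "v=spf1 ip4:203.0.113.1 include:_spf.mailer.example -all",
    "soft.example": "v=spf1 ip4:203.0.113.1 ~all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/32 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 limit on DNS-querying mechanisms per check


def check_spf(domain, sender_ip, records=RECORDS, _lookups=None):
    """Return the SPF result for sender_ip using ip4/ip6/include/all only."""
    lookups = _lookups if _lookups is not None else [0]
    terms = records.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF record published for this domain
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:  # mechanisms are evaluated left to right
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]  # always matches; qualifier decides
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"  # malformed address in the record
            if ip in net:  # False when IP versions differ
                return QUALIFIERS[qualifier]
        elif name == "include":
            lookups[0] += 1
            if lookups[0] > MAX_LOOKUPS:
                return "permerror"  # too many lookups, e.g. an include loop
            inner = check_spf(value, sender_ip, records, lookups)
            if inner == "pass":  # only a pass in the included record matches
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"  # broken include invalidates the record
        else:
            return "permerror"  # term outside the scope of this example
    return "neutral"  # nothing matched and the record has no "all" term
```
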