Guides, Articles and Frequently Asked Questions

  Index | Outbound Filter

What is a SPF entry and how must it be designed?

What is an SPF entry?
The SPF (Sender Policy Framework, formerly also known as Sender Permitted From) is a spam protection method used for sender authentication. The DNS records of a domain store additional information in the form of SPF records. These additional SPF records in the DNS contain detailed information about the sending mail servers.

The receiving mail server can use the SPF record of the domain to check whether the received e-mail originates from an authorized mail server or from an unauthorized server. In the latter case, the email can be identified via SPF spam protection and declared as SPAM.


What is the design of an SPF entry?

Each SPF entry must begin with the version number used. The current version starts with "v=spf1".

The following are some expressions that define the SPF entry and are evaluated in the order from front to back. The majority of the expressions are so-called directives. These define the authorization of the sender and consist of an optional qualifier and a so-called mechanism.


What must the qualifiers and mechanisms look like?


 Qualifiers  Result Code  Desciption
+ Pass  the directive defines authorized transmitter;
 this is the standard, i.e. if no qualifier is specified, + is assumed
- Fail  the directive defines unauthorized senders
~ SoftFail  the directive defines unauthorized senders, but the recipient should treat this failure generously;
 this qualifier is for testing purposes
? Neutral  the directive defines channels whose legitimacy is not to be stated; The transmitter must be accepted.


 Mechanism   Directive applies if...
all  always

 an A (or AAAA) record of the polled (or explicitly specified) domain contains the IP address of the sender

mx  an MX record of the polled (or explicitly specified) domain contains the IP address of the sender
ip4  the specified IPv4 address is the IP address of the sender or the specified IPv4 subnet contains it
include  an additional SPF request for the domain specified in the include statement contains the IP address of the sender


What must the SPF entry look like?
Go to the DNS settings of your domain and create a TXT entry with the following value:

v=spf1 -all

If you use other mail servers for sending e-mails, you can simply add "include:" to the value.


Further information about SPF entries can be found at You can also use our SPF generator.

Was this article helpful?

This site makes use of cookies to enhance browsing experience and provide additional functionality. By continuing to browse this website you are agreeing to our use of cookies. OK