Deliverability & the inbox

SPF (Sender Policy Framework)

Also known as: sender policy framework · email authentication

A DNS TXT record that declares which IPs are authorised to send mail on behalf of a domain — one of the three email-authentication signals (SPF, DKIM, DMARC) mailbox providers check on every message.

SPF (Sender Policy Framework) is a DNS-level authentication mechanism: a TXT record published at the domain root lists which IP addresses and sending services are authorised to send mail as the domain. When a message arrives, the receiving server checks the return-path domain's SPF record against the connecting IP. Match = SPF pass. SPF alone is weak — it only verifies the envelope sender, not the displayed From address — so mailbox providers now require SPF paired with DKIM and wrapped in DMARC alignment to get full inbox credit. Common SPF mistakes: too many include: lookups (SPF has a 10-lookup limit), forgotten third-party senders (billing, support tickets) failing silently, and "-all" (hard fail) set too aggressively for the actual sending reality.

Read next

See also

← Back to the glossary