Host | Type | Value |
---|---|---|
@ | TXT | v=spf1 [mechanisms] [qualifiers] |

Host | Type | Value |
---|---|---|
@ | TXT | v=spf1 mx include:spf.protection.outlook.com ~all |

ip4 & ip6:
Specifies authorized IPv4 and IPv6 addresses.

a:
Authorizes any IP address associated with the domain’s A or AAAA DNS records.

mx:
Authorizes IP addresses of the domain’s Mail Exchange (MX) servers.

include:
References the SPF record of another domain. This is commonly used when third-party providers are authorized to send emails on behalf of the domain.

+all:
Pass (the email is accepted even if it doesn’t match any mechanism)

-all:
Fail (the email is rejected if it doesn’t match any mechanism)

~all:
Softfail (the email is accepted but marked as suspicious if it doesn’t match any mechanism)

?all:
Neutral (the email isn’t accepted or rejected – this qualifier treats the message as if there’s no SPF policy)

redirect:
Redirects the SPF check to another domain’s policy. This is useful when a domain’s email policy is fully managed by another domain.

exp:
Defines a custom message that can be shown when an SPF check fails, helping explain why the email was rejected.

What is SPF?

Sender Policy Framework (SPF) is an email authentication protocol that enables domain owners to specify which IP addresses are authorized to send emails on behalf of their domain. This helps prevent email spoofing and improves the trustworthiness of outgoing messages.

SPF integrates with DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting, and Conformance (DMARC) to provide layered email authentication. DKIM uses cryptographic signatures to confirm email content integrity, while DMARC combines the results of SPF and DKIM checks and allows domain owners to set policies for handling authentication failures.
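
The mechanism and qualifier syntax listed above, shown as an added example (not code from the original page): a small Python parser that splits an SPF record into its terms and reports how senders matching no mechanism are treated. It assumes the RFC 7208 evaluation rules (left-to-right evaluation, `+` as the default qualifier, neutral as the default result); the names `parse_spf` and `audit_spf` are chosen for this example, and no DNS lookups are performed.

```python
import re

# Qualifier symbols and their results as listed on this page; "+" is the default.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Mechanisms from this page, plus "exists" and "ptr", which RFC 7208 also defines.
MECHANISMS = {"all", "ip4", "ip6", "a", "mx", "include", "exists", "ptr"}
TERM = re.compile(r"([+\-~?]?)([A-Za-z0-9]+)(?::(.*)|(/.*))?")
MODIFIER = re.compile(r"([A-Za-z][A-Za-z0-9_.-]*)=(.*)")  # redirect=, exp=


def parse_spf(record):
    """Return (terms, modifiers); terms are (result, mechanism, argument) in order."""
    tokens = record.split()
    if not tokens or tokens[0].lower() != "v=spf1":
        raise ValueError("SPF record must start with v=spf1")
    terms, modifiers = [], {}
    for tok in tokens[1:]:
        mod = MODIFIER.fullmatch(tok)
        if mod:
            modifiers[mod.group(1).lower()] = mod.group(2)
            continue
        m = TERM.fullmatch(tok)
        if not m or m.group(2).lower() not in MECHANISMS:
            raise ValueError(f"unrecognised term: {tok!r}")
        # Argument is the text after ":" or a bare CIDR suffix such as "/24".
        arg = m.group(3) or m.group(4) or ""
        terms.append((QUALIFIERS[m.group(1) or "+"], m.group(2).lower(), arg))
    return terms, modifiers


def audit_spf(record):
    """Return findings about how senders that match no mechanism are treated."""
    terms, modifiers = parse_spf(record)
    names = [mech for _, mech, _ in terms]
    findings = []
    if "all" not in names:
        if "redirect" not in modifiers:
            findings.append("no 'all' or redirect: unmatched senders get neutral")
        return findings
    idx = names.index("all")
    if terms[idx][0] in ("pass", "neutral"):
        findings.append(f"'all' yields {terms[idx][0]}: senders are not restricted")
    if idx < len(terms) - 1:
        findings.append("mechanisms after 'all' are never evaluated")
    if "redirect" in modifiers:
        findings.append("redirect is ignored because 'all' is present")
    return findings
```

Calling `audit_spf` on the example record from this page returns an empty list, while a constructed record such as `v=spf1 ip4:192.0.2.0/24 +all mx` is flagged both for the permissive `+all` and for the unreachable `mx` after it.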