Skip to content
FormReceipt

Email deliverability

SPF records explained

What Sender Policy Framework does, how SPF TXT records work, and common mistakes.

Published: 2026-05-01Last reviewed: 2026-05-01

What SPF does

SPF lets receiving mail servers check whether an outbound server is authorized to send mail for your domain. The domain publishes a DNS TXT record listing permitted senders.

Syntax basics

SPF TXT records start with v=spf1, list mechanisms (include, a, mx, ip4), and end with an all mechanism such as -all or ~all.

One TXT per SPF

You should publish only one SPF TXT record for a given domain or label. Multiple SPF TXT records invalidate SPF for many receivers.

Related reading

After SPF is stable, align reporting with DMARC explained.

FAQ

Why should only one SPF TXT exist per sending hostname?
Multiple SPF TXT records at the same name make SPF invalid for many receivers, so authorized mail can fail policy checks unexpectedly.
Does SPF validate the visible From header?
SPF checks the envelope sender (typically Return-Path), while DMARC ties results to the header From domain when alignment is required.

More in this category

DKIM signing explained

DomainKeys Identified Mail: cryptographic signatures, selectors, and DNS TXT publishing.

DMARC explained

DMARC builds on SPF and DKIM, adds alignment rules, and enables aggregate and forensic reporting.

Google Workspace: SPF and DKIM

High-level steps to publish Google’s SPF include and DKIM keys for your primary domain.

Microsoft 365: enable DKIM

Enable DKIM for Microsoft 365 custom domains and publish CNAME records as instructed.

← Email deliverabilityKnowledge base home← Back to home

Cookie choices

We use a required session cookie for login and optional analytics cookies for marketing pages. Read cookie policy