Are you interested in implementing Sender Policy Framework (SPF) but not sure where to begin? Check out our guide to learn how to get started with SPF and how SPF records work:
What is SPF?
SPF can help protect email senders and recipients from spam, spoofing, and phishing. In addition to safeguarding against email risks, properly configuring your email authentication can positively impact your deliverability. SPF is a form of email authentication that defines a way to validate that an email message was sent from an authorized mail server, in order to prevent spam and to detect forgery. SPF was introduced as a supplement to SMTP which by itself doesn’t offer any authentication mechanisms.
What is an SPF record?
SPF establishes a way for receiving mail servers to verify that an incoming email was sent from an authorized host. It works well when used in tandem with the Domain Name System (DNS). DNS takes the domain names people use to search online (like “sparkpost.com”) and finds the corresponding Internet Protocol (IP) addresses so that internet browsers can load information.
An SPF record is included in an organization’s DNS database and is a specially-formatted version of a standard DNS TXT record. It looks something like this:
mydomain.com TXT "v=spf1 include:myauthorizeddomain.com include:sparkpostmail.com ~all”
Following along from left-to-right this SPF record says that any email that claims to be from “mydomain.com” should be validated with SPF (v=spf1). The part of the record that is labeled include: specifies that the records for “myauthorizeddomain.com” and “sparkpostmail.com” should be included when validating email from mydomain.com. This indicates that other domains are authorized to send on the mydomain.com’s behalf. Finally, ~all indicates that any other servers claiming to send mail on the domain’s behalf should be marked as questionable, and possibly fail the SPF test.
Commercial businesses sending transactional email should definitely implement at least one form of email authentication. We recommend implementing, SPF, DMARC, and DKIM for a more complete approach to authenticating your email.
Luckily, SparkPost actually handles SPF automatically— so, if you send with us all email from your account is already SPF authenticated!