Question 1

What is an SPF record?

Accepted Answer

SPF (Sender Policy Framework) is a DNS TXT record that specifies which mail servers are authorized to send email on behalf of your domain. Receiving mail servers check the SPF record to verify the sender is legitimate.

Question 2

What is the 10 DNS lookup limit?

Accepted Answer

SPF records are limited to 10 DNS lookups total. Each "include", "a", "mx", "exists", and "redirect" mechanism counts as one lookup. Nested includes count too. Exceeding 10 lookups causes SPF to return a permanent error (PermError), which may cause email delivery issues.

Question 3

Should I use ~all (SoftFail) or -all (Fail)?

Accepted Answer

Start with ~all (SoftFail) while testing to avoid accidentally blocking legitimate email. Once you've confirmed all your sending sources are listed, switch to -all (Fail) for maximum protection against spoofing.

Question 4

Can I have multiple SPF records?

Accepted Answer

No. Having more than one SPF TXT record on a domain causes both to be invalid (PermError). If you need to authorize multiple sources, combine them into a single SPF record using "include" mechanisms.

Question 5

How does SPF relate to DMARC?

Accepted Answer

DMARC builds on SPF (and DKIM) to provide domain-level email authentication. DMARC checks that the domain in the "From" header aligns with the domain that passed SPF. Without SPF, DMARC has less data to work with.

SPF Record Generator

Basic Settings

Authorized Senders

Policy (How to handle unauthorized senders)

Your SPF Record

Frequently Asked Questions

DMARC Generator

MTA-STS Generator

BIMI Generator