SPF

Sender Policy Framework

SPF is a DNS TXT record that specifies which IP address(es), domains, and/or servers are allowed to send email “from” a particular domain. It’s essentially like the return address placed on a letter or postcard that lets the recipient know who sent the communication. The idea is that if they know who sent them the letter, the recipient is more likely to open it.

Create processes in your organization for ongoing SPF monitoring and management. This periodic review should consider onboarding/off-boarding 3rd-party vendors where appropriate. Having a formal “off-boarding” process that takes into account DNS hygiene once a 3rd-party is no longer used is a good organizational policy to have in place as well.

Build directives in your SPF record with the following considerations:

explicit mechanisms first (IP addresses)
followed by mechanisms that induce a DNS query
includes last
if possible, list the highest volume sources first to minimize DNS queries

Learn more about SPF

Sample SPF For Google Worksace

If all email from your organization is sent using Google Workspace only, this sample SPF record should work for your domain:

- v=spf1 include:_spf.google.com ~all

How to set up SPF record in Google

Sample SPF for Office 365

If all email from your organization is sent using Office 365 only, this sample SPF record should work for your domain:

- v=spf1 include:spf.protection.outlook.com -all

How to set up SPF record in Office 365

Tools to check your SPF Record:

Page updated

Report abuse