What’s an SPF record?
An SPF record is a Sender Policy Framework record. It’s used to indicate to mail exchanges which hosts are authorized to send mail for a domain. It’s defined in RFC 4408, and clarified by RFC 7208.
SPF Record Format
SPF records are typically defined using the TXT record type. There’s also an SPF record type, but it’s deprecated, and you should always have at least the TXT record definition present, even if you use the SPF type.
SPF records are defined as a single string of text. Here’s an example record:
v=spf1 a mx ip4:220.127.116.11 include:_spf.google.com ~all
The SPF record always starts with the
v= element. This indicates the SPF version that is used. Right now the version should always be
spf1 as this is the most common version of SPF that is understood by mail exchanges.
One or more terms follow the version indicator. These define the rules for which hosts are allowed to send mail from the domain, or provide additional information for processing the SPF record. Terms are made up of mechanisms and modifiers. The following mechanisms are defined:
A mail server will compare the IP address of the sender against the IP addresses defined in the mechanisms. If the IP address matches one of the mechanisms in the SPF record then follow the result handling rule. The default handling rule is
+ or pass.
include mechanism allows you to authorize hosts outside of your administration by specifying their SPF records.
all mechanism matches any address. This is usually used as the last mechanism which defines how to handle any sender IP that did not match the previous mechanisms.
SPF record limitations
Each fully-qualified name may have at maximum one SPF record, defined as a TXT record or as an SPF record type.
There are various limitations on the number of items and lookups permitted in an SPF record:
- SPF records may not have more than 10 mechanisms that require DNS lookups. These are the
- When evaluating the
mxmechanism, the number of MX records queried is included in the overall limit of DNS lookups. Each
mxmechanism must not result in querying more than 10 address records.
ptrmechanism is also included in the overall limit. Each
ptrmust not result in querying more than 10 address records.