Table of contents
Explaining the SPF record
SPF, or Sender Policy Framework, is a type of email authentication that defines which mail servers, or email sending applications, can be used for sending from your domain.
Think of your domain as a new car. Before you hit the road, you need to have a valid insurance policy.
SPF compared to Insurance
Each time you have an additional driver, you need to update your insurance policy to include them. SPF works the same way as your insurance. Every tool that sends emails from your domain MUST be included within your SPF record. Be sure to update your SPF record every time you use a new tool to send emails.
Example of an SPF TXT Record
For example, if your domain is company.com and you use Google and G-suite to send emails, then your SPF record would look like this:
If your domain is company.com and you use G-suite and Salesforce to send emails, then your SPF record would look like this:
How does SPF work?
SPF is a DNS TXT record published within your domain hosting providers' DNS settings such as GoDaddy, Name.com, Cloudflare, or HostGator.
Every time you send an email, you need to get through your recipient’s spam filters mechanisms and firewalls. You can think of this as going through a police checkpoint.
The police will first check your DNS settings to see if you have a valid SPF record (or insurance). If you do, they check if you are authorized to drive the vehicle on behalf of your domain.
If the email application you’re using is listed within your SPF record, then your email is properly authenticated. This will improve your overall deliverability.
SPF explained in 5 steps using G-suite:
Company.com’s mail server will check the DNS records at folderly.com for a VALID SPF Record.
If an SPF record EXISTS, Company.com will check to see if G-suite (Google’s mail servers) are included in the Folderly SPF record.
If Google is included in the Folderly SPF record, then SPF will PASS, and the email is properly authenticated.
If G suite is NOT included in the folderly.com SPF record or an SPF record is NOT published, then SPF will FAIL, and the email is not properly authenticated.