What is SPF?

SPF explained: how does SPF work?

Vladislav Podolyako avatar
Written by Vladislav Podolyako
Updated over a week ago

Table of contents

Explaining the SPF record

SPF, or Sender Policy Framework, is a type of email authentication that defines which mail servers, or email sending applications, can be used for sending from your domain.

Think of your domain as a new car. Before you hit the road, you need to have a valid insurance policy.

SPF compared to Insurance

Each time you have an additional driver, you need to update your insurance policy to include them. SPF works the same way as your insurance. Every tool that sends emails from your domain MUST be included within your SPF record. Be sure to update your SPF record every time you use a new tool to send emails.

Example of an SPF TXT Record

For example, if your domain is company.com and you use Google and G-suite to send emails, then your SPF record would look like this:

Google SPF Record

If your domain is company.com and you use G-suite and Salesforce to send emails, then your SPF record would look like this:

How does SPF work?

SPF is a DNS TXT record published within your domain hosting providers' DNS settings such as GoDaddy, Name.com, Cloudflare, or HostGator.

Every time you send an email, you need to get through your recipient’s spam filters mechanisms and firewalls. You can think of this as going through a police checkpoint.

The police will first check your DNS settings to see if you have a valid SPF record (or insurance). If you do, they check if you are authorized to drive the vehicle on behalf of your domain.

If the email application you’re using is listed within your SPF record, then your email is properly authenticated. This will improve your overall deliverability.

SPF explained in 5 steps using G-suite:

  1. You send an email FROM vladislav@folderly.com using G suite TO michael@company.com.

  2. Company.com’s mail server will check the DNS records at folderly.com for a VALID SPF Record.

  3. If an SPF record EXISTS, Company.com will check to see if G-suite (Google’s mail servers) are included in the Folderly SPF record.

  4. If Google is included in the Folderly SPF record, then SPF will PASS, and the email is properly authenticated.

  5. If G suite is NOT included in the folderly.com SPF record or an SPF record is NOT published, then SPF will FAIL, and the email is not properly authenticated.

Did this answer your question?