SPF — Sender Policy Framework

Category: Before Enabling Filtering Services | Protocol: DNS / Email

SPF (Sender Policy Framework) is a DNS record that specifies which servers are authorized to send emails on behalf of your domain. It helps protect against spoofing and spam.

I — Create the SPF Record (Standard)

Add the following record to your domain’s DNS zone through your registrar:

Parameter Value
Name your-domain.com
TTL 10800
Type TXT
Value v=spf1 include:spf.security-mail.net -all

Only security-mail.net mail servers will be authorized to send emails from your domain.

II — Verify the Record

From a terminal or command prompt:

nslookup -type=txt your-domain.com

The output must contain:

v=spf1 include:spf.security-mail.net -all

III — Advanced Options (all Mechanism)

Value Behavior Recommended Usage
-all Strictly rejects all unauthorized senders Recommended (production)
~all Marks unauthorized senders as suspicious (softfail) Testing phase
?all Neutral — no policy applied Diagnostic purposes only

⚠️ Use ?all only for diagnostic purposes. In production, prefer -all for maximum protection.