Sender Policy Framework: SPF records and deliverability


SPF (Sender Policy Framework) is an email validation system which uses bonded sender technology built into the Internet Domain Name System (DNS) to verify that an email has indeed come from an allowed server. It's one of the best known of the sender verification methods, which were developed in defense against the dark arts.

The idea is very simple. The internet currently depends on the sanctity of the Domain Name System (DNS). The idea of SPF is to add simple text records to the DNS entry for a domain to tell the world which mail servers are entitled to act on behalf of it. When sent an email, receiving mailservers simply check that the SPF records in the email's header correspond to those in the sending server's DNS entry. That's it.

An example of an SPF record for a BIND66 server follows: IN TXT "v=spf1 a mx -all"


This simple version says that only the DNS A record (a) and MX record (mx) for may be used for sending e-mail for this domain. Since the owner of the domain is theoretically the only person who can add and modify these SPF records, this has the effect of verifying them as the sender.

Like all sender reputation methods, it is vulnerable to botnet-derived spamming, but all in all, it is a useful measure. Consequently, the majority of spam-filtering systems take it into account (to varying degrees) when assessing an email's legitimacy.

So what does this mean to the legitimate emailer?

If you can't get them right, leave them out!


In the eyes of the spam-filter, SPF records can either be correct and installed, incorrect and installed or not installed at all. Of these, incorrect and installed has the largest negative impact on deliverability, hence our recommendation of 'if in doubt, leave them out..'

The SendForensics Email Deliverability Suite comprehensively analyses your SPF records informing you, in advance, the precise impact they will have on your email campaigns (and detailed instructions on how to set them up for optimal results).