---
title: "SPF Record Syntax Explained | AutoSPF"
description: "A TXT SPF record includes a list of IP addresses and email servers belonging to an organization, its representatives, and third-party vendors who are offic"
image: "https://autospf.com/images/og-default.png"
canonical: "https://autospf.com/explaining-sender-policy-framework-spf-macros/spf-record-syntax/"
---

# SPF Record Syntax Explained


A TXT SPF record lists the IP addresses and email servers belonging to an organization, its representatives, and third-party vendors that are **officially allowed to send emails** on its behalf. SPF records are complicated, and the instructions they express must follow the syntax rules laid down in [RFC 7208 4.6](https://datatracker.ietf.org/doc/html/rfc7208) to ensure there are no errors. SPF records that return permerror or have other syntax issues fail to prevent phishing attacks.

[SPF record syntax](/explaining-sender-policy-framework-spf-macros/) is categorized as **mechanisms, qualifiers, and modifiers**. 

## SPF Record Example

This is what a standard SPF record looks like:

```
v=spf1 include:_spf.google.com include:example.com a:mail.example.com mx ip4:124.163.1.1 ~all
```

This SPF record authorizes Google’s servers, a specific IP address, and servers listed in the MX and [A records](https://support.dnsimple.com/articles/a-record/) of “example.com” to send emails on behalf of the domain. Emails that are sent by **anyone outside of the service** will be placed in the spam folder (“\~all”).

Here, `v=spf1` specifies that SPF **version 1** is used. Since there’s only one SPF version as of now, all SPF records should begin with `v=spf1`. The ‘include’ tag directs receiving servers to check the included domain’s SPF record for IP addresses permitted to send messages.

![Create Spf Record 3](https://media.mailhop.org/autospf/images/2023/12/create-spf-record-3.jpg) 

[Image sourced](https://blog.pair.com/2019/02/13/about-spf-records/) from pair.com

## SPF Record Advanced Syntax

A [Sender Policy Framework](/explaining-sender-policy-framework-spf-macros/sender-policy-framework-office-365/) (SPF) record is written as a single string of text in the DNS TXT record. _It begins with v=spf1 and ends with either the \~all or the -all tag, specifying **softfail or hardfail**, respectively_. Here’s more information on mechanisms, qualifiers, and modifiers.

### SPF Mechanisms

#### all

The ‘all’ mechanism always matches; it instructs recipient servers **how to deal with unauthorized email** messages sent from your domain. Any mechanism placed after it is not valid and is ignored. By default, it’s set to -all, but you can always change it to \~all or even add the ‘pct’ tag to apply the selected policy to only a predefined percentage of emails. _It’s **highly discouraged** to use the +all tag, as it allows everyone to send messages using your domain name._

#### a

It matches when the A or [AAAA address record](https://www.menandmice.com/glossary/what-is-an-aaaa-record) of a domain name resolves to the sender’s address. When no domain is specified in the mechanism, the current domain is used.

#### ip4

A successful match is observed for an email if the sender’s address falls within the given range of [IPv4 addresses](https://www.geeksforgeeks.org/what-is-ipv4/) in the SPF TXT record. Add a prefix length to specify the size of the range; if it is omitted, **/32 is used as the default prefix**.

#### ip6

A successful match is observed for an email if the sender’s address falls within the given range of IPv6 addresses in the SPF TXT record. Add a prefix length to specify the **range’s length**; if it is omitted, /128 is used as the default prefix.

#### mx

It specifies that any server listed in the [domain’s MX records](https://en.wikipedia.org/wiki/MX%5Frecord#:~:text=A%20mail%20exchanger%20record%20%28MX,Domain%20Name%20System%20%28DNS%29.) is authorized to send mail. An MX record contains an IP address and a **priority value** for every server authorized and responsible for accepting emails. 

#### ptr

It’s a [deprecated mechanism](https://en.wikipedia.org/wiki/Deprecation) and is the opposite of a DNS A record. It resolves the queried IP address to its corresponding domain name. The mechanism is slow and unreliable, which is why SPF experts strongly discourage its inclusion in an SPF DNS record. 

![Spf Record Generator](https://media.mailhop.org/autospf/images/2023/11/spf-record-generator.jpg) 

#### exists

It performs a DNS A record lookup, and a successful match is observed when a valid A record is found, irrespective of what the actual **lookup result** is. You need to introduce [SPF macros](https://www.jamieweb.net/blog/using-spf-macros-to-solve-the-operational-challenges-of-spf/) in your record to establish per-user exceptions with this mechanism.

#### include

The ‘include’ mechanism allows you to add the entire SPF record or exclusive sending sources to your SPF record. This ensures that if they send a message on your behalf, then receiving **servers don’t misjudge** them as illegitimate senders. 

### SPF Qualifiers

Each mechanism can be combined with one of the **four optional qualifiers**. They define the action to be taken when a mechanism is matched.

- \+ (Pass): The client is authorized.
- \- (Fail): The client is not authorized.
- \~ (SoftFail): The client is **not authorized**, but the message might still be accepted.
- ? (Neutral): No explicit authorization or denial.

![Spf Record Tester 1](https://media.mailhop.org/autospf/images/2023/11/spf-record-tester-1.jpg) 

### SPF Modifiers

SPF Modifiers play a crucial role in shaping the **behavior of DNS SPF records**. They are expressed as name-value pairs **separated by ‘=’** and are positioned exclusively at the end of the [SPF record](/explaining-sender-policy-framework-spf-macros/spf-record/). _These modifiers provide additional information, **specify exceptions to rules**, or modify defaults._

The **‘redirect’ Modifier** is particularly significant, guiding authentication to other SPF records. It is beneficial when multiple domains share the same SPF content, but it should be used cautiously only when you have control over all the involved domains. _If the ‘all’ Mechanism is present in the SPF record, the ‘redirect’ Modifier is disregarded._

For authorized domains beyond your control, the **‘include’ SPF Mechanism** is recommended. It is vital to note that modifiers can only appear once, and any unknown modifiers are simply ignored.

In situations where a Fail SPF Qualifier is returned, the **‘exp’ Modifier** becomes valuable. It explains the **reason behind the failure** when a mechanism matches, aiding in diagnostics and troubleshooting for better [email authentication](https://www.beyondencryption.com/blog/what-is-email-authentication).
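The rules above for mechanisms, qualifiers, and modifiers can be checked mechanically. The following parser is an added example, not AutoSPF's code: it splits a record into terms, applies the default qualifier and default prefix lengths, and collects warnings for the problems this page describes. The function name `parse_spf`, the warning wording, and the `BROKEN` sample record are assumptions made for illustration.

```python
import ipaddress
import re

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MECHANISMS = {"all", "a", "ip4", "ip6", "mx", "ptr", "exists", "include"}
TERM = re.compile(r"^([+\-~?]?)([A-Za-z][A-Za-z0-9._-]*)([:=/]?)(.*)$")

def parse_spf(record):
    """Return (mechanisms, modifiers, warnings) for one SPF TXT string."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("record must begin with v=spf1")
    mechanisms, modifiers, warnings, all_seen = [], {}, [], False
    for raw in parts[1:]:
        m = TERM.match(raw)
        qual, name, delim, value = m.groups() if m else ("", raw, "", "")
        name = name.lower()
        if delim == "=" and not qual:          # modifier: name=value, no qualifier
            if name in modifiers:
                warnings.append(f"modifier {name!r} appears more than once")
            modifiers[name] = value
            continue
        if name not in MECHANISMS:
            warnings.append(f"unknown or malformed mechanism {raw!r}")
            continue
        if all_seen:                           # nothing after 'all' is evaluated
            warnings.append(f"{raw!r} comes after 'all' and is ignored")
            continue
        if name in ("ip4", "ip6"):             # missing prefix becomes /32 or /128
            try:
                net = ipaddress.ip_network(value, strict=False)
                if net.version != int(name[2]):
                    raise ValueError("address family does not match mechanism")
                value = str(net)
            except ValueError:
                warnings.append(f"invalid address in {raw!r}")
                continue
        if name == "ptr":
            warnings.append("'ptr' is deprecated")
        if name == "all":
            all_seen = True
            if qual in ("", "+"):              # no qualifier means Pass
                warnings.append("'+all' authorizes every sender")
        mechanisms.append((QUALIFIERS[qual or "+"], name, value or None))
    if all_seen and "redirect" in modifiers:
        warnings.append("'redirect' is ignored because 'all' is present")
    return mechanisms, modifiers, warnings

# Constructed sample record containing several of the problems described above.
BROKEN = "v=spf1 ptr ip6:2001:db8::1 +all mx redirect=_spf.example.net redirect=other.example.net"
```

Running `parse_spf` on the example record from this page yields six mechanisms and no warnings, while `BROKEN` yields five warnings.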

## How Do You Fix Your SPF Record, Free?

Give us a test drive for **30 days at no cost**. Fix your broken SPF in less than 60 seconds!

> [Fix My SPF Record!](/pricing/)

