SPF Glossary
A comprehensive reference for SPF terms, mechanisms, qualifiers, and record syntax. Bookmark this page for quick lookups.
S
Sample SPF records
Example SPF records showing real-world configurations. A simple example: v=spf1 ip4:192.0.2.0/24 include:_spf.google.com ~all — this allows a specific IP range and Google, while marking everything else as softfail.
SPF ?all
The ?all qualifier means "neutral" — you're not sure if the email is from an authorized sender or not. Mail servers won't reject it but won't fully trust it either. Not recommended as it offers no protection.
SPF 'all' syntax
Tells mail servers what to do with emails not matching earlier rules. Written with a qualifier: -all (reject — strictest), ~all (softfail — used during testing), ?all (neutral), or +all (allow all — not recommended).
SPF 'include' IP
You don't directly include an IP with the include mechanism — you include another domain's SPF record, which may contain IPs. To add a specific IP directly, use ip4: or ip6: instead.
SPF 'include' vs 'a'
include pulls in another domain's entire SPF record (all their authorized IPs). 'a' only checks your domain's own A record IP. Use include for third-party services; use 'a' when your website server also sends email.
SPF (Sender Policy Framework)
An email authentication protocol that lets you instruct mail servers which senders are allowed to send emails from your domain. Published as a TXT record in DNS.
SPF ~all vs -all
~all means softfail — instructs receiving servers to place suspicious emails in the spam folder. -all means hardfail — instructs servers to reject emails not sent from authorized IP addresses.
SPF a:
Checks if the domain's A record (its main IP address) is allowed to send emails. Example: a:example.com means emails from the server listed in example.com's DNS are authorized. If no domain is specified (just 'a'), it refers to your own domain.
SPF codes
SPF results returned by mail servers: pass (sender approved), fail (sender rejected), softfail (suspicious), neutral (no opinion), temperror (temporary failure), or permerror (permanent error in the record).
SPF exists
The exists mechanism checks if a specific domain exists in DNS. If it does, the rule passes and the sender is approved. Rarely used, but helpful for advanced SPF configurations.
SPF fail not authorized
Occurs when an email comes from a server not listed in your SPF record and your policy says to reject it (-all). The receiving server treats it as a hard fail. This may indicate someone is spoofing your domain.
SPF include
Lets you trust another domain's SPF settings. Example: include:_spf.google.com adds Google's authorized IPs to your SPF record. Be careful not to use too many includes — each one counts toward the 10-lookup limit.
SPF ip range
Instead of adding one IP, you can allow a whole range using CIDR notation. Example: ip4:203.0.113.0/24 covers all IPs from 203.0.113.0 to 203.0.113.255.
SPF ipv4 / ip4
A mechanism used in SPF records to allow a specific IPv4 address to send email from your domain. Example: ip4:192.0.2.1. You can also specify a range using CIDR notation like ip4:203.0.113.0/24.
SPF mechanisms
The building blocks of an SPF record. Common mechanisms include ip4, ip6, a, mx, include, exists, and all. Each mechanism checks different things like IP addresses, DNS records, or other domains.
SPF policy
Your SPF policy is the complete rule you set for who can send email from your domain. It's everything inside your SPF record. The final 'all' qualifier decides the strictness of your policy.
SPF record 'all'
The final rule in an SPF record for all senders not already listed. Written at the end as -all, ~all, or ?all. It tells mail servers what to do if an email doesn't match any approved senders. -all means reject; ~all means softfail (treat suspiciously).
SPF record format
The order and structure of everything inside an SPF record. It always starts with v=spf1 and then lists the allowed senders, ending with something like -all or ~all.
SPF record meaning
An SPF record is a rule you add to your domain's DNS to tell mail servers who's allowed to send email on your behalf. It helps prevent scammers from faking your email address.
SPF record mx
The mx mechanism allows the mail servers listed in your domain's MX records to send emails on your behalf. Example: v=spf1 mx -all means "allow my MX servers and block everything else."
SPF record options
The different choices available when writing your SPF record, including mechanisms (ip4, a, mx, include) and qualifiers (-, ~, ?, +). Together they define how strict or relaxed your policy is.
SPF record syntax
The format or structure used to write SPF records in your DNS settings. It starts with v=spf1 and then includes a list of rules, like IP addresses or domains that are allowed to send emails on your behalf. Each part of the record must follow certain rules so email servers can read and understand it.
SPF record types
There is only one official SPF record type: the TXT record published in your domain's DNS. An earlier SPF-specific DNS type existed but is now obsolete.
SPF syntax
The grammar of SPF records. It defines how to use different mechanisms like ip4, a, mx, include, and qualifiers like +, -, ~, or ?. These parts work together to tell mail servers who can send emails from your domain.
Need help with your SPF record?
AutoSPF automatically flattens and optimizes your SPF record. No DNS expertise required.