Sender Policy Framework (
SPF) is a simple validation system designed to detect attempts to impersonate e-mail senders.
SPF configuration uses the
TXT field in DNS configuration of the domain from which the email is sent.
The content of the TXT field starts with
Then rules are defined that specify who is authorized to send e-mails from this domain. One of four prefixes can be used before the rules:
+- accept (default)
-- do not accept (never accept; hard rule)
~- do not accept (rather not accept, the decision to reject the e-mail depends on the server configuration; soft rule)
List of rules that can be read as "accept e-mails from":
A- the IP address specified in the A record
MX- the IP address specified in the MX record
ip4:188.8.131.52- the address 184.108.40.206
ip4:220.127.116.11/27- the 18.104.22.168/27 network (addresses: 22.214.171.124 - 126.96.36.199)
ip6:2001:db8:a4:a6:b7:e4:ef:a3- the address 2001:db8:a4:a6:b7:e4:ef:a3
ip6:2001:db8:a4:a6:b7:e4:ef:80/122- from network 2001:db8:a4:a6:b7:e4:ef:80 (addresses: 2001:db8:a4:a6:b7:e4:ef:81 - 2001:db8:a4:a6:b7:e4:ef:bf)
include:sub.example.com- servers specified in the SPF of the
all- from the rest of the servers.
Domain that does not send e-mails. Any e-mail sent from this domain will be rejected:
Accept e-mails from the web server (
A record) and from the mail server (
MX record). Messages sent from other servers will be rejected:
v=spf1 A MX -all