Skip to content


Sender Policy Framework (SPF) is a simple validation system designed to detect attempts to impersonate e-mail senders.


SPF configuration uses the TXT field in DNS configuration of the domain from which the email is sent. The content of the TXT field starts with v=spf1. Then rules are defined that specify who is authorized to send e-mails from this domain. One of four prefixes can be used before the rules:

  • + - accept (default)
  • - - do not accept (never accept; hard rule)
  • ~ - do not accept (rather not accept, the decision to reject the e-mail depends on the server configuration; soft rule)
  • ? - neutral

List of rules that can be read as "accept e-mails from":

  • A - the IP address specified in the A record
  • MX - the IP address specified in the MX record
  • ip4: - the address
  • ip4: - the network (addresses: -
  • ip6:2001:db8:a4:a6:b7:e4:ef:a3 - the address 2001:db8:a4:a6:b7:e4:ef:a3
  • ip6:2001:db8:a4:a6:b7:e4:ef:80/122 - from network 2001:db8:a4:a6:b7:e4:ef:80 (addresses: 2001:db8:a4:a6:b7:e4:ef:81 - 2001:db8:a4:a6:b7:e4:ef:bf)
  • - servers specified in the SPF of the domain
  • all - from the rest of the servers.


Domain that does not send e-mails. Any e-mail sent from this domain will be rejected:

v=spf1 -all

Accept e-mails from the web server (A record) and from the mail server (MX record). Messages sent from other servers will be rejected:

v=spf1 A MX -all