What is SPF in Email and How to Set It Up

By Mithun • Published on June 30, 2025

SPF email authentication diagram

Image credit: esecurityplanet.com

Have you ever received an email that looked legitimate but wasn’t? SPF is one of the first lines of defense against such email spoofing. Let’s break down what it is and how to use it effectively.

📌 What is SPF?

SPF (Sender Policy Framework) is an email validation system that prevents spammers from sending messages on behalf of your domain. It does this by telling the receiving mail server which IP addresses are allowed to send email for your domain.

🔧 How Does SPF Work?

When someone receives an email from your domain, their mail server checks your DNS record for an SPF entry. If the email is sent from an authorized server listed in the SPF record, it passes. Otherwise, it may be marked as spam or rejected.

🧬 SPF Record Example

    v=spf1 include:zoho.com include:spf.protection.outlook.com -all
    

⚙️ How to Set It Up

  1. Log in to your DNS host (like Cloudflare, GoDaddy, etc.)
  2. Add a TXT record for your domain with the SPF string
  3. Use tools like MXToolbox SPF Checker to test

🚫 Common Mistakes

"SPF alone won’t stop spoofing — but it’s the foundation. Combine it with DKIM and DMARC for full protection."
← Back to all articles