Below is the syntax for SPF record :
Example: v=spf1 a mx ip4:192.168.0.1 include:spf.example.com -all
| V | version | The SPF record version | Description |
|---|---|---|---|
| a | Pass | Match if IP has a DNS ‘A’ record in given domain . | |
| mx | Pass | Match if IP is one of the MX hosts for given domain name | |
| IP4 | 198.164.0.1 | Pass | Match IP address |
| include | example.com | Pass | The specified domain is searched for an ‘allow’ |
| -all | Fail | Always matches. It goes at the end of your record |
having a valid and accurate SPF record will lead to improved authentication coverage, deliverability and help promote your desired level of security for your domains.
Mechanisms:
all
ip4
ip6
a
mx
ptr
exists
include
Mechanisms can be used to describe the set of hosts which are designated outbound mailers for the domain and can be prefixed with one of four qualifiers:
+ (Pass)
– (Fail)
~ (SoftFail)
? (Neutral)
The default qualifier is ‘+’, i.e. ‘Pass’.Mechanisms are evaluated in order. If no mechanism or modifier matches, the default result is “Neutral”.If a domain has no SPF record at all, the result is ‘None’. If a domain has a temporary error during DNS processing, you get the result ‘TempError’. If syntax or evaluation error occurs (eg. the domain specifies an unrecognized mechanism) the result is ‘PermError’.
Evaluation of an SPF record can return any of these results:
| Result | Explanation | Intended action |
|---|---|---|
| Pass | The SPF record designates the host to be allowed to send | accept |
| Fail | The SPF record has designated the host as NOT being allowed to send | reject |
| SoftFail | The SPF record has designated the host as NOT being allowed to send but is in transition | accept but mark |
| Neutral | The SPF record specifies explicitly that nothing can be said about validity | accept |
| None | The domain does not have an SPF record, or the SPF record does not evaluate to a result | accept |
| PermError | A permanent error has occurred (eg. badly formatted SPF record) | unspecified |
| TempError | A transient error has occurred | accept or reject |