SPF record syntax

Below is the syntax for SPF record :

Example: v=spf1 a mx ip4: include:spf.example.com -all

V version The SPF record version Description
a   Pass Match if IP has a DNS ‘A’ record in given domain .
mx   Pass Match if IP is one of the MX hosts for given domain name
IP4 Pass Match IP address
include example.com Pass The specified domain is searched for an ‘allow’
-all   Fail Always matches. It goes at the end of your record


having a valid and accurate SPF record will lead to improved authentication coverage, deliverability and help promote your desired level of security for your domains.


Mechanisms can be used to describe the set of hosts which are designated outbound mailers for the domain and can be prefixed with one of four qualifiers:
+ (Pass)
– (Fail)
~ (SoftFail)
? (Neutral)
The default qualifier is ‘+’, i.e. ‘Pass’.Mechanisms are evaluated in order. If no mechanism or modifier matches, the default result is “Neutral”.If a domain has no SPF record at all, the result is ‘None’. If a domain has a temporary error during DNS processing, you get the result ‘TempError’. If syntax or evaluation error occurs (eg. the domain specifies an unrecognized mechanism) the result is ‘PermError’.

Evaluation of an SPF record can return any of these results:

Result Explanation Intended action
Pass The SPF record designates the host to be allowed to send accept
Fail The SPF record has designated the host as NOT being allowed to send reject
SoftFail The SPF record has designated the host as NOT being allowed to send but is in transition accept but mark
Neutral The SPF record specifies explicitly that nothing can be said about validity accept
None The domain does not have an SPF record, or the SPF record does not evaluate to a result accept
PermError A permanent error has occurred (eg. badly formatted SPF record) unspecified
TempError A transient error has occurred accept or reject