What is SPF?

The Sender Policy Framework (SPF) is an email-authentication technique. It is used to prevent spammers from sending messages on behalf of your domain. With SPF an organization can publish authorized mail servers that is which is mail servers are authorized to send mails on behalf of your domain. Together with the DMARC related information, this gives the receiver (or receiving systems) information on how trustworthy the origin of an email is. SPF is an email authentication technique that uses DNS (Domain Name Service).

SPF records have a 255 character string limit in Domain Name System (DNS). If you have an SPF record with a string longer than 255 characters, it will fail the SPF authentication check.

Keep your SPF records as simple as possible. DNS lookup for SPF record should not exceed 10 DNS lookup. If you have more than ten lookups in your record, a permanent error could be returned during the SPF authentication process. DMARC treats that as fail since it’s a permanent error, and all SPF permanent errors are interpreted as fail by DMARC. Avoid nested includes.

Duplicate SPF TXT record, means you can only have a single DNS TXT record which begins with “v=spf1”. Having multiple SPF records will result in permanent error.