Chicago IT Support & Cyber Security | Forward Technologies

Chicago-based Forward Technologies delivers IT support and cyber security to businesses in the Chicago area and nationwide.

SPF Basics: What It Is and Why It Matters

SPF (Sender Policy Framework) is a foundational email authentication method that allows domain owners to declare which mail servers are authorized to send email on behalf of their domain. It’s one of the key building blocks of email security and a requirement for DMARC to function properly.

If your business uses a custom domain (e.g., @yourcompany.com) to send email, configuring SPF is essential to protect against spoofing and to improve deliverability.


What Does SPF Do?

SPF works by adding a TXT record to your domain’s DNS. This record lists the IP addresses or servers that are allowed to send email using your domain in the MAIL FROM (Return-Path) field.

When a receiving server gets a message claiming to be from your domain, it checks the SPF record to see if the sending server is authorized. If it’s not, the message may be flagged, quarantined, or rejected—depending on how the recipient handles SPF failures.


Example SPF Record

v=spf1 include:_spf.google.com ~all

What it means:

  • v=spf1 – This is the version identifier (required).
  • include:_spf.google.com – Authorizes Google’s mail servers to send on your behalf.
  • ~all – Soft fail for everything else; still delivered, but marked as questionable.

Other options:

  • -all – Hard fail (unauthorized sources should be rejected)
  • ?all – Neutral (rarely used)
  • +all – Allow all (dangerous—avoid using)

Common SPF Record Syntax

Mechanism   Description
ip4:        Authorizes a specific IPv4 address or block (e.g., ip4:192.0.2.0/24)
ip6:        Authorizes an IPv6 address
include:    Includes another domain’s SPF record (e.g., Google, Microsoft)
a           Authorizes the A/AAAA record of the domain
mx          Authorizes the domain’s MX records
exists:     Performs a DNS lookup (rare use case)
all         Wildcard match for everything not matched before (must come last)

Limitations of SPF

  • SPF only checks the Return-Path (not the visible “From” address)
  • It can break when email is forwarded, since the forwarding IP is not listed
  • You are limited to 10 DNS lookups per SPF evaluation

That’s why SPF is usually deployed alongside DKIM and DMARC for a full email authentication stack.
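
The syntax rules and the 10-lookup limit described above can be checked before a record is published. The Python linter below is an added example, not code from this page: it follows include: and redirect= through a constructed in-memory ZONE instead of live DNS, and every domain in it is made up. The lookup count is a static upper bound, since real evaluation stops at the first matching mechanism.

```python
LOOKUP_TERMS = {"include", "a", "mx", "exists", "ptr", "redirect"}  # each costs one DNS lookup (RFC 7208)

# Added example: constructed stand-in for DNS (domain -> SPF TXT record); all names are made up.
ZONE = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 mx include:_spf.mailer.example ~all",
    "_spf.mailer.example": "v=spf1 include:a.mailer.example include:b.mailer.example -all",
    "a.mailer.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "b.mailer.example": "v=spf1 a mx ip6:2001:db8::/32 -all",
}

def parse(record):
    """Return the record's terms as (qualifier, name, argument) tuples."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("SPF record must start with v=spf1")
    terms = []
    for tok in parts[1:]:
        # A missing qualifier means "+", so a bare "all" is the same as "+all".
        qual, body = (tok[0], tok[1:]) if tok[0] in "+-~?" else ("+", tok)
        sep = "=" if "=" in body.split(":")[0] else ":"   # modifiers use "=", mechanisms ":"
        name, _, arg = body.partition(sep)
        terms.append((qual, name.split("/")[0].lower(), arg))
    return terms

def count_lookups(domain, zone, path=()):
    """Count lookup-causing terms in the record and in everything it includes."""
    if domain in path:
        raise ValueError(f"include loop at {domain}")
    total = 0
    for _, name, arg in parse(zone[domain]):
        total += name in LOOKUP_TERMS
        if name in ("include", "redirect"):
            total += count_lookups(arg, zone, path + (domain,))
    return total

def lint(domain, zone=ZONE):
    """Return (lookup_count, findings) for the SPF record published at domain."""
    mechs = [t for t in parse(zone[domain]) if t[1] not in ("redirect", "exp")]
    findings = []
    alls = [i for i, t in enumerate(mechs) if t[1] == "all"]
    if not alls:
        findings.append("no 'all' mechanism")
    elif alls[0] != len(mechs) - 1:
        findings.append("mechanisms after 'all' are never evaluated")
    if alls and mechs[alls[0]][0] == "+":
        findings.append("'all' with '+' or no qualifier authorizes every sender")
    lookups = count_lookups(domain, zone)
    if lookups > 10:
        findings.append(f"{lookups} DNS lookups, over the limit of 10")
    return lookups, findings
```

Calling lint("example.com") on the constructed zone returns the lookup total across all nested includes together with a list of findings, which is empty for a clean record.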


Why SPF Matters for Your Business

  • Helps prevent spoofed emails from being delivered
  • Improves your domain’s email deliverability
  • Supports DMARC alignment when configured correctly
  • Establishes trust with recipient servers

Without SPF, your domain is vulnerable to abuse—and your email reputation could suffer.


Need Help Configuring Your SPF Record?

At Forward Technologies, we help organizations define and maintain clean, accurate SPF records—especially when juggling multiple third-party senders (newsletters, CRMs, invoicing systems, etc.). We also audit DNS records to avoid SPF flattening, lookup limit errors, and alignment issues with DMARC.

Contact us to configure or clean up your SPF record.

Forward Technologies
747 N LaSalle
STE 500B
Chicago, IL 60654
(312) 715-7806

Copyright © 2025 — Forward Technologies • All rights reserved.