SPF (Sender Policy Framework) is a sender authentication method. It tells the receiving mail server whether the sending mail server is allowed to send e-mails with the domain of the sender email address (user@example.com).
The sender email address is typically the From-Header or Sender-Header. (I recommend using the From-Header exclusively to get the highest chance of delivery. See Email spoofing.)
TXT Record
If you send your e-mails directly over your own mail server (e.g. mailenable) a txt record could look like this.
v=spf1 +a +mx -all
If you send your e-mails over a smart host / relay service (mailchannels, sendgrid, mailgun, etc.) a txt record could look like this.
TXT your-domain.com v=spf1 +include:relay.mailchannels.net -all
The meaning of "+, -, ~, ?" prefixes
- + Pass - authorized (default value, can be omitted)
- - Fail - NOT authorized
- ~ Softfail - NOT authorized but treated generous
- ? Neutral - treated like not defined
To specify the mail server(s) of a domain we can set the following parameters.
- +a (resolve and include the the IP of the current, owning A-Record)
- +mx (resolve and include the the IP of the current, owning MX-Record)
- +ip4 (include specified IPv4 address)
- +ip6 (include specified IPv6 address)
- +include (include an additional SPF, e.g. _spf.google.com)
- -all (exclude everything else)