SPF (Sender Policy Framework) is an email authentication standard that lets a domain owner publish, in DNS, the list of mail servers allowed to send email on its behalf.
In depth
The domain publishes a single TXT record listing authorized sending sources. When a receiving server gets a message, it checks whether the sending server’s IP address is on that list. A pass tells the receiver the envelope sender is legitimate; a fail is a signal of spoofing. SPF only validates the hidden envelope (return-path) domain, not the visible From address, which is why it is paired with DKIM and DMARC. Keep to the 10-DNS-lookup limit or the record returns a permerror.
Example
A record like v=spf1 include:_spf.google.com ~all authorizes Google Workspace servers to send for your domain and soft-fails everything else.
Related terms
See our full email marketing glossary or the complete email marketing guide.