DMARC Autopilot

SPF complete guide

Sender Policy Framework lists the mail sources that are allowed to send SMTP mail that uses your domain in the envelope return-path (bounce) address. It is one leg of authentication; DMARC also needs DKIM or SPF alignment with the visible From domain.

Core ideas

  • SPF lives in a single TXT record at your domain root, starting with v=spf1.
  • Mechanisms like ip4:, include:, a, and mx authorize senders.
  • The all mechanism sets the default for everyone else—usually ~all (soft fail) while testing, then -all when you are confident.
  • You may not exceed ten DNS lookups while evaluating SPF; chained include: statements count toward that cap.

SPF alone cannot protect the visible From header if the bounce domain differs—that is why DMARC pairs SPF alignment with DKIM.

Check your SPF record