What Is SPF? Everything You Need to Know About Sender Policy Framework
We’ve written extensively on DomainKeys Identified Mail (DKIM) and how they affect email deliverability. In this post, we’ll cover another spam-related acronym: SPF or Sender Policy Framework. Read on to learn more about how SPF works and how it compares to other email authentication protocols.
What Is a Sender Policy Framework (SPF)?
SPF is a type of email authentication protocol or a way for a recipient to confirm that an email is truly coming from the sender and is not a piece of spam or a phishing attack.
There are several types of email authentication used to safeguard against spam, including DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC). Each email authentication protocol has a different method and goal.
In the case of SPF, its chief role is to prevent email spammers from using your domain and sending “spoof” emails. Unfortunately, spammers can easily fake email “from” fields – both the “from” the subscriber sees (“header from”) and the return address (“envelope from”). SPF helps protect spoofing of that “envelope from” address.
SPF verifies sender IP addresses. It gives senders the power to tell recipients which IP addresses you’ve authorized to send email on their behalf. If the email comes from an IP address not listed in the SPF record, the recipient will block the message.
How Does SPF Work?
Senders must set up a SPF record that lists which IP addresses or servers can send email from their domain. The SPF record is a TXT record in the Domain Name System (DNS) sever.
Wait – another acronym?! Unfortunately, yes. A DNS server essentially translates a domain name (such as “emailonacid.com”) into an IP address to find the correct site. Our friends at SendGrid have a more detailed explanation of DNS here.
Once you set up the SPF record in the DNS, a recipient email server will check the IP address sending email from your domain. If that sending IP address matches the SPF in the DNS records, the email has a better chance of landing in the inbox.
Having an SPF record in your DNS also means spammers are less likely to use your domain for a phishing attack. And with a better domain reputation, you’re less likely to land on an email blacklist, which can seriously affect your deliverability.
How Can I Check My SPF?
Email on Acid’s Spam Testing feature offers SPF testing. When you run a test, you will find it under the “Feedback Filters” column. The tool will tell you whether you fail or pass SPF tests, and the result will look like this:
When testing for SPF, you’ll want to make sure you use the seed list testing method (or “use my SMTP email server” if you have your own SMTP server), so Email on Acid gets results directly from your server. You can learn more about running a spam test here.
There is a third option for spam testing within Email on Acid: sending the test through our domain. While this may be a quick way to test, it won’t give you accurate information about your SPF because the test will be sent using our domain (emailonacid.com), not yours.
If you fail the SPF test, double-check that the SPF entry in your DNS server matches your sending IP address.
Drawbacks of SPF
We should note that SPF isn’t a perfect method for authenticating emails. It doesn’t preferent spammers from spoofing the display name (“header from”), which is visible in the inbox.
SPF also doesn’t work when you forward the email.
With that in mind, it’s important to use other authentication methods, including DKIM and DMARC to ensure your message reaches the inbox.
Learn More About Spam Testing and Deliverability
We’ve got a slew of helpful content for you! Check out these related articles:
- Is 100% Deliverability Possible?
- Find and Fix Deliverability Issues
- What Is My SpamAssassin Score and What Does it Mean?
- How Email Spam Tests Work and What You Can Do to Pass Them
Author: Melanie Graham
Born and raised in New England, Melanie has a background as a writer, editor and journalist. After roaming the U.S. as an expert vagabond, she’s landed in Denver as Email on Acid’s content manager. She’s a music nerd at heart who loves spending time at the piano.