Generate Sender Policy Framework (SPF) DNS TXT records to authorize email senders and prevent spoofing of your domain.
| Type | Host/Name | Value |
|---|---|---|
| TXT | @ | - |
SPF (Sender Policy Framework) is an email authentication protocol that prevents email spoofing. It lets domain owners specify which mail servers are authorized to send email on behalf of their domain. Receiving servers check the SPF record to verify incoming emails.
| Mechanism | Purpose |
|---|---|
| a | Allow domain's A record IP |
| mx | Allow domain's MX server IPs |
| include: | Include another domain's SPF |
| ip4: | Allow specific IPv4 address/range |
| ~all | Soft fail — accept but mark suspicious |
| -all | Hard fail — reject unauthorized senders |
Start with ~all (soft fail) while testing. Once you've confirmed all legitimate senders are included, switch to -all (hard fail) for maximum protection against spoofing.