What is Sender Policy Framework (SPF)?
The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery. SPF was created in 2003 to help close loopholes in email delivery systems that allow spammers to “spoof” or steal your email address to send hundreds, thousands or even millions of emails illicitly. This is implemented as a DNS TXT record which is a list of servers that are allowed to send mail on behalf of a domain.
In a basic example the record
example.net. TXT "v=spf1 a:pluto.example.net -all" means that mail is only allowed to be sent for example.net from the server pluto.example.net. This means that email@example.com must send mail using pluto.example.net server, otherwise, the recipient’s mail server could check the SPF record and block it as forged mail.
How can SPF effect me?
Usually, whoever sets up your email takes care of the SPF record for your email server. The point when you may need to change is it if you wish to send mail from your domain from somewhere else. Some places where you might want to send email from include your website or through a mail delivery service like Constant Contact.
If firstname.lastname@example.org started sending email through Constant Contact without changing the SPF record we used above, email messages would be blocked by many servers since the Constant Contact servers are not in the SPF list. To correct this, we need to add the servers to the SPF record. Instead of listing out each server individually, we simply need to include the list that Constant Contact already provides. This is
include:ccsend.com, so once we add it to our current example SPF record it looks like this
v=spf1 a:pluto.example.net include:ccsend.com -all. Just remember to update your SPF record whenever you start sending email from a new location. Check with your provider for help to make sure yours is set correctly.
Here are some useful resources to learn more about SPF: