What is SPF (Sender Policy Framework)?

SPF is an email authentication control that publishes approved sending servers in DNS, helping receivers spot spoofed domain mail.

What is SPF?

SPF (Sender Policy Framework) is an email authentication mechanism where a domain publishes which mail servers are allowed to send messages for it. When a receiving mail server gets a message, it checks the envelope sender domain against that domain’s SPF TXT record in DNS and compares the sender IP address with the approved list.

An SPF record usually starts with v=spf1 and uses mechanisms such as ip4, ip6, a, mx, and include to describe valid senders. The final ~all or -all tells receivers how to treat sources that are not listed. If a company sends through both Google Workspace and an email automation platform, both services must be represented in the record.

Limits and Operational Use

SPF does not secure the visible From header by itself, and forwarding can break SPF alignment because the forwarding server becomes the apparent sender. For that reason SPF is normally paired with DKIM signatures and a DMARC policy.

In business systems, SPF protects invoices, password resets, proposals, and campaign emails from being rejected or treated as spoofed mail. The practical work is ongoing: keep the DNS record narrow, remove old vendors, avoid unnecessary broad includes, and monitor which systems are allowed to send through SMTP.