Sender Policy Framework

SPF

SPF specifies which mail servers are authorized to send emails on behalf of your domain. Receiving servers check the sender's IP address against your SPF record to prevent email spoofing.

{#each spfRecords as spf, index}

{#if spf.domain}

Domain: {spf.domain} {#if index > 0} Included {/if}

{/if}

Status: {#if spf.valid} Valid {:else} Invalid {/if}

{#if spf.all_qualifier}

All Mechanism Policy: {#if spf.all_qualifier === "-"} Strict (-all) {:else if spf.all_qualifier === "~"} Softfail (~all) {:else if spf.all_qualifier === "+"} Pass (+all) {:else if spf.all_qualifier === "?"} Neutral (?all) {/if} {#if index === 0 || (index === 1 && spfRecords[0].record?.includes("redirect="))}

{#if spf.all_qualifier === "-"} All unauthorized servers will be rejected. This is the recommended strict policy. {:else if dmarcStrict} While your DMARC {dmarcRecord?.policy} policy provides some protection, consider using -all for better security with some old mailbox providers. {:else if spf.all_qualifier === "~"} Unauthorized servers will softfail. Consider using -all for stricter policy, though this rarely affects legitimate email deliverability. {:else if spf.all_qualifier === "+"} All servers are allowed to send email. This severely weakens email authentication. Use -all for strict policy. {:else if spf.all_qualifier === "?"} No statement about unauthorized servers. Use -all for strict policy to prevent spoofing. {/if}

{/if}

{/if} {#if spf.record}

Record:
{spf.record}

{/if} {#if spf.error}

{spf.valid ? "Warning:" : "Error:"} {spf.error}

{/if}

{/each}