RFC 7208 Proposed Standard

Sender Policy Framework (SPF) for Authorizing Use of Domains in Email

S. Kitterman · 2014-04

Abstract

The Sender Policy Framework (SPF) defines a protocol that allows a domain owner to specify which mail servers are authorized to send email on behalf of that domain, using DNS TXT records. Receiving mail servers check the SPF record of the envelope sender's domain and can reject or flag messages sent from unauthorized IP addresses.

Why This RFC Matters

SPF is the first line of defense in email authentication, providing a simple but effective mechanism for domain owners to publish a list of authorized mail servers. By checking the sending IP address against the domain's SPF record, receiving servers can detect and reject email that falsely claims to originate from a domain. SPF protects against email spoofing, phishing, and spam by making it harder to forge the envelope sender address. While SPF alone is insufficient (it does not protect the From header visible to users), it is a required component of DMARC alignment and is now a baseline requirement for email deliverability. RFC 7208 obsoleted RFC 4408.
