SPF record present and valid
#3 · Required · Web Standards · security · Security & Infrastructure · weight 1.3% · impl implemented · method v1.2.0
Web Standards item — Security
This factor is part of Web Standards — the table-stakes binary layer of the score. It is graded pass/fail and gates the Web Quality score; it is not weighted into Web Quality itself.
- Pass criteria: Tolerant — passes on pass or warn.
- Web Standards label: SPF record present
- Why it's required: Without SPF, anyone can spoof mail from this domain. Required for any site whose domain is also used for email.
What this means for your business
This tells the rest of the internet which mail services — your provider, your booking system, your CRM — are actually permitted to send email from your domain. Without it, your real messages look as suspicious as a stranger's, and your invoices and confirmations start hitting spam.
Plain title: Lists who's allowed to email as your business
What we measure
SPF tells mail servers which IP addresses are allowed to send email from your domain.
How to improve your score
Publish a TXT record `v=spf1 include:<your-mail-provider> ~all`. Use `-all` for stricter enforcement once confident the list is complete.
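An added example, not the methodology's own scoring code: a check that classifies a domain's TXT records against the record shape above, including the duplicate-record and DNS-lookup-limit failures from RFC 7208. The pass, warn and fail rules, the `check_spf` name and the `example.net` records are assumptions of this example.

```python
import re

# Terms that trigger a DNS query and count toward the 10-lookup limit
# (RFC 7208, section 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def check_spf(txt_records):
    """Return (status, reason) for a domain's TXT record strings.

    Assumption: the pass/warn/fail rules below are this example's own.
    Each string is one TXT record with its character-strings already joined.
    """
    spf = [r for r in txt_records if (r.lower() + " ").startswith("v=spf1 ")]
    if not spf:
        return "fail", "no v=spf1 record published"
    if len(spf) > 1:
        return "fail", "multiple v=spf1 records; receivers return permerror"
    lookups, all_qualifier, has_redirect = 0, None, False
    for term in spf[0].split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"  # default is "+"
        name = re.split(r"[:=/]", term.lstrip("+-~?"), maxsplit=1)[0].lower()
        lookups += name in LOOKUP_TERMS
        has_redirect |= name == "redirect"
        if name == "all" and all_qualifier is None:
            all_qualifier = qualifier
    # Only top-level terms are counted; nested includes add more at run time.
    if lookups > 10:
        return "fail", f"{lookups} DNS-querying terms exceed the limit of 10"
    if all_qualifier == "+":
        return "fail", "+all authorises every sender"
    if all_qualifier == "?":
        return "warn", "?all gives a neutral result for unlisted senders"
    if all_qualifier is None:
        if has_redirect:
            return "pass", "policy delegated with redirect="
        return "warn", "no all term; unlisted senders get a neutral result"
    return "pass", f"policy ends in {all_qualifier}all"

# Constructed sample records (example.net is a placeholder provider).
SAMPLES = {
    "softfail": ["site-verification=abc123", "v=spf1 include:_spf.example.net ~all"],
    "duplicate": ["v=spf1 mx -all", "v=spf1 include:_spf.example.net ~all"],
    "open": ["v=spf1 ip4:192.0.2.0/24 +all"],
}

if __name__ == "__main__":
    for label, records in SAMPLES.items():
        print(label, check_spf(records))
```

Feed it the TXT strings returned by your resolver for the domain apex; a `fail` on the duplicate case usually means a second provider's record was added instead of merged.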
Scoring
Scoring formulas are versioned with the methodology. The current method (v1.2.0) maps raw measurements to pass, warn, fail. Factor weights determine how much each contributes to the composite — see the methodology index for the full table.
Cited by these standards
Standards in the Standards Library whose satisfiedBy requirement tree references this factor. Each link goes to the standard's full entry — methodology, scope, and the other factors it relies on.
Version history
| Version | Change | Date |
|---|---|---|
| v1.2.0 | Factor introduced. Status: live. Scoring impl: implemented. | 2026-04-25 |