Email health

SPF

Lists which servers are allowed to send mail as your domain. Half of DMARC; you need it.

Authority: IETF
Version: RFC 7208
Jurisdiction: Global
Source: datatracker.ietf.org
Last reviewed: 2026-04-28
Last verified: pending

What it is

Sender Policy Framework — RFC 7208. A DNS TXT record enumerating the IPs and hostnames authorized to send mail on behalf of the domain. Receiving servers check it against the connecting server's IP.

Why it matters

SPF is the cheapest, oldest piece of email auth. No SPF, no DMARC pass via SPF — meaning more legitimate mail lands in spam.

Who it applies to

Every domain that sends email.

How WQI scores it

Web Quality Index considers this standard satisfied when the supporting factor passes.

#	Factor	Status
3	SPF record present and valid	live

Related standards

See also: DMARC , DKIM

Standards that share factors with this one

Auto-computed from overlapping factor tickets in satisfiedBy, excluding standards already listed under "See also" above. Strong overlap suggests these standards rise and fall together when sites are scored.

Bulk-sender requirements (Apple / Google / Yahoo) 1 shared factor Email health The de-facto standard for marketing mail since February 2024. SPF + DKIM + DMARC, RFC 8058 one-click unsubscribe, and a spam-complaint rate under 0.30%. Miss any of these and Gmail / Yahoo throttle or reject.

Other references

guidance M3AAWG SPF deployment recommendations

Examples

Passing DNS record (Google Workspace + a vendor) dns

example.com.  IN TXT  "v=spf1 include:_spf.google.com include:sendgrid.net -all"

-all is hard fail; ~all is soft fail. Use -all once you're confident every legitimate sender is enumerated.

Implementation guidance

Cloudflare Cloudflare DNS — Add an SPF record
Google Workspace Define an SPF record
Generic OpenSPF authoritative reference