© Crown copyright 2016
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: firstname.lastname@example.org.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/email-security-standards/sender-policy-framework-spf
What is SPF?
Sender Policy Framework (SPF) validates the email domain a message was sent from by listing valid sending IP addresses or domains in the DNS record. This lets recipient email services check if an email came from a valid IP or domain and mark it as spam if it didn’t.
SPF records must exist on the sender domain’s DNS record which the recipient email service must check on receipt of an email. The recipient can set rules to process messages accordingly. An example rule would look for messages that fail the SPF check and mark them as spam, or increase the spam score.
This diagram shows how SPF works: