SPF

How SPF Works

SPF is published as a DNS TXT record that lists the IP addresses and domains authorized to send email for your domain:

1. DNS Publish: You add an SPF record to your domain's DNS
2. Email Sent: An email is sent claiming to be from your domain
3. Server Check: The receiving server looks up your SPF record
4. IP Validation: It checks if the sending server's IP is authorized
5. Result: Pass, fail, or soft fail based on the policy

SPF Syntax

v=spf1 include:_spf.transactional.dev include:_spf.google.com -all

• v=spf1 - SPF version (always spf1)
• include: - Include another domain's SPF record
• -all - Fail emails from unauthorized servers
• ~all - Soft fail (mark as suspicious but don't reject)
• ?all - Neutral (no policy)

Setting Up SPF with Transactional

Add our SPF include to your existing SPF record:

v=spf1 include:_spf.transactional.dev [your other includes] -all

If you don't have an SPF record yet:

v=spf1 include:_spf.transactional.dev -all

Common Mistakes

Too Many DNS Lookups

SPF has a limit of 10 DNS lookups. Each include: counts as one lookup. If you exceed this, SPF will fail.

Multiple SPF Records

You can only have ONE SPF record per domain. Combine all includes into a single record.

Forgetting to Update

When you add new email services, remember to update your SPF record to include them.