SPF – or Sender Policy Framework – records, are used to specify who is allowed to send email on behalf of your domain. These records are programmed into the DNS of your domain and queried by other servers on the Internet.
They are important, not just to help prevent your valid email from being marked as spam, but also to protect your staff – and your brand – from misuse by someone pretending to represent you.
SPF records can be viewed using the nslookup or dig commands – or an online DNS lookup tool – querying the ‘TXT’ record for your domain.
An SPF record looks like this:
v=spf1 include:spf.protection.outlook.com ~all
Armed with the knowledge that ‘spf.protection.outlook.com’ is Microsoft 365’s server, this can be translated as ‘Microsoft 365 is allowed to send emails on behalf of this domain’.
SPF is one of the 3 core authentication ‘protocols’ that are essential for guaranteeing Email Deliverability