SPF (Sender Policy Framework) is a record in your domain's DNS that names the servers and services allowed to send email as you - your mail provider, your marketing platform, your helpdesk, and so on. When a receiving server gets a message, it checks whether the sending server is on that list.
Without SPF, a receiver has no way to know whether a server sending "as you" is legitimate. With it, mail from unauthorised servers can be flagged or rejected - and your DMARC policy can act on the result. Get it wrong, though, and legitimate mail can quietly start failing.
A single, accurate record that covers every service you genuinely send from, stays within the protocol's lookup limits, and ends in a strict policy so unlisted servers are treated as fakes. The hard part is keeping it correct as your sending services change - which is exactly what we watch for you.
Related: DKIM · DMARC · MTA-STS · TLS-RPT · DNSSEC · Blacklist monitoring
DMARCER checks your SPF continuously and tells you, in plain English, where it's exposing you.
Get started