All fix guides

How to add an SPF record

Publish which servers may send email as your domain so spoofed mail gets rejected.

What it is

SPF (Sender Policy Framework) is a DNS TXT record listing the mail servers authorized to send on your domain's behalf.

Why it matters

Without SPF, anyone can send phishing emails that appear to come from your domain, damaging your brand and deliverability.

How to fix it

  1. 1List your senders (e.g. Microsoft 365, Google, your ESP) and their SPF includes.
  2. 2Publish one TXT record on your root domain, e.g. `v=spf1 include:spf.protection.outlook.com include:_spf.google.com -all`.
  3. 3Use `-all` (hard fail) once you're confident every legitimate sender is listed; `~all` (soft fail) while testing.
  4. 4Keep it to a single SPF record with fewer than 10 DNS lookups.
  5. 5Re-scan to confirm SPF is published.

Not sure if your site is affected?

Run a free scan — or let us fix it all for you.

Privacy and cookie preferences

We use strictly necessary cookies to run the site. Analytics, marketing, and AI assistant telemetry are optional and disabled until you choose. You can update consent any time in Cookie Settings.

Some infrastructure cookies, such as load balancer routing cookies, are essential for service delivery. Details: Cookie Policy