It’s not hard to set up SPF.
However, the process can be intimidating to beginners, especially since the odds are (1) you’ve heard you need SPF but (2) you don’t know what it is or what it does.
In this quick guide I’ll walk you through the entire SPF setup process:
- Generating a SPF record
- Setting up SPF for your domain
- Testing to make sure everything worked
And we’ll do it all in five minutes or less. (Well, setup will take five minutes or less. Then waiting for DNS records to propagate can take up to 48 hours.)
This guide is focused on GMass users — meaning you’re sending emails through a Google Workspace account.
Let’s get started.
Set Up SPF: Table of Contents
- What Is SPF (Sender Policy Framework) in Under 100 Words?
- Step 1: Creating Your SPF Record
- Step 2: Adding Your SPF Record to Your Domain
- Step 3: Verifying You’ve Added Your SPF Record
- Set Up SPF: Next Steps
What Is SPF (Sender Policy Framework) in Under 100 Words?
Sender Policy Framework (SPF) is a record where you specify what mail servers are authorized to send emails using your domain.
When a mail server receives an email message from an address at your domain, it uses SPF to verify that the message came from an authorized server (and not from someone spoofing you or sending without your permission).
SPF is one of the three main email authentication methods that mail servers use to check the legitimacy and veracity of messages.
You set up SPF by adding a TXT file to your domain name’s Domain Name System (DNS) records.
What are DKIM and DMARC, and what do they have to do with SPF?
SPF is one of the three primary email authentication methods. The other two are:
- DomainKeys Identified Mail (DKIM)
- Domain-based Message Authentication, Reporting, and Conformance (DMARC)
DKIM is like a “digital signature” for your emails which, much like SPF, is used by mail servers to check if a message from your domain comes from an authorized sender. DKIM uses a public key, which is contained in a TXT record in your domain’s DNS settings.
DMARC is another record, one that works with SPF and DKIM. A DMARC policy record indicates that your messages are using SPF and/or DKIM authentication and gives instructions to a mail server on what to do if those methods fail.
Do I need to set up SPF?
As of February 1st, 2024, all mail senders who send email using their own domain name (e.g., [email protected]) rather than a shared email system (e.g., [email protected] or [email protected]) are required to have either a SPF or DKIM record.
So yes, you need to set up SPF (or DKIM).
Bulk senders (basically people sending more than 5,000+ emails per day) need to have both SPF and DKIM records, along with DMARC.
Does having a SPF record help deliverability?
Yes, having a SPF record can help your emails reach the inbox.
To quote Google directly: “Without SPF, messages sent from your organization or domain are more likely to be marked as spam by receiving mail servers.”
Now, it’s important to know: SPF isn’t going to be the only difference between hitting the inbox versus the spam folder. It’s one of many factors that play into your deliverability. But having the email authentication methods in place is certainly helpful.
Do I need to set up SPF if I have a gmail.com email address?
No… because you can’t.
In order to set up SPF, you’ll need to be able to create DNS records for a domain. Google controls the gmail.com domain — and they certainly aren’t about to let random people create DNS records.
Fortunately, they have SPF set up for the domain already so you don’t have to worry about any of this.
What can I do if someone else owns my domain (like the company I work for).
Let’s say you’re a salesperson for Big Corp and your email is [email protected]. You don’t own the bigcorp.net domain and don’t have access to its DNS records — so you can’t set up SPF on your own.
In this case, what you should do is:
- Run the test I show you in the next step to see if there’s already an SPF record in place.
- If not, talk to your boss, the IT department, the domain owner, or anyone else who could get someone to add a DNS record. Explain why you need SPF in place. Celebrate bureaucracy doing its job and eventually hope they do add the SPF record so you can get back to work.
Step 1: Creating Your SPF Record
Time to set up your SPF record. But first… let’s make sure there’s not already one there.
How to check whether you have an SPF record in place
Go to the tool, then copy the email address it provides.
Send an email to that address from your email account.
A few moments later, the tool will show you all the underlying technical details of your email. Click on the SPF tab to see your SPF record.
If you have a SPF record in place, it will show in the SPF Record: line. And if your email passed SPF authentication, you’ll see that result in the SPF Result: line.
If you do not have an SPF record in place, here’s what you’ll see:
If you’ve already got a record in place and you passed SPF authentication, you’re probably good.
(The exception could be if you’re sending emails through both Google Workspace and another SMTP server. In that case, you want to make sure the SPF record includes both senders. We’ll cover adding senders next.)
Creating a SPF record
If you use Google Workspace and don’t use a third-party SMTP server (maybe you don’t even know what a third-party SMTP server is), your SPF record can be a single line:
v=spf1 include:_spf.google.com ~all
Jump ahead to the next section of this article on adding your record at your domain provider.
If you’re using an additional server to send emails — like, perhaps, a third-party SMTP to break Gmail’s limits — you’ll need to add that sender as well.
The SMTP service you’re using will tell you what you need to add to your SPF record (just Google it).
For example, if you’re using SendGrid in addition to Google Workspace to send emails, your SPF record should look like this:
v=spf1 include:_spf.google.com include:sendgrid.net ~all
If you’re using Amazon SES in addition to Google Workspace to send your emails, your SPF record should look like this:
v=spf1 include:_spf.google.com include:amazonses.com -all
This should cover the vast majority of GMass users.
If you need to authorize an IP address or other mail servers, you can find more details on adding those to your SPF record in Google’s documentation.
Step 2: Adding Your SPF Record to Your Domain
Now that you have your SPF record, you’ll need to add it to your domain.
You can do that at your domain registrar (this is most likely if you’re a beginner or solo operation), your web host if it manages your DNS (possible), or your domain’s third-party DNS management service (unlikely for beginners).
In this section, I’ll show you how to add the record at your domain registrar.
If you go to your domain registrar to add this info and it tells you your DNS is managed at your web host, log into your host and look for their DNS management area. You can also ask their support for help if needed. You’ll see something like this if your name servers are managed elsewhere:
How to input your SPF record at your domain registrar
Here’s an example at GoDaddy. Your registrar’s interface won’t look exactly like this but it should work in a similar fashion.
Go to the DNS management for your domain and click on the button (or link, or whatever they use) to add a new record.
Now you’ll enter the following things:
- Type: TXT
- Name/Host: @
- Value: the SPF record you generated in the previous step
- Time-to-Live (TTL): 1 hour or 3600 seconds
Then Save your new record.
You can now scroll through the DNS records for your domain. Look for your new TXT record and make sure everything looks correct.
Now you need to wait a little bit for your new record to work its way through the internet.
It can take up to 48 hours for SPF authentication to start working.
In my experience it’s never taken that long… but I have had it take close to 24 hours on the high end.
Step 3: Verifying You’ve Added Your SPF Record
Once you’ve patiently waited for your record to get through the internet’s tubes, you can check to make sure your record is properly set up and you’re passing SPF alignment.
Head over to GMass’s email analyzer. Copy the email address it provides you.
Send an email to that address and make sure you pass SPF.
If you added a third-party SMTP server to your SPF record, you should also send an email to the analyzer using that server to make sure all is good there as well.
Set Up SPF: Next Steps
Congratulations, you’ve now successfully set up SPF for your domain.
That authentication puts you in compliance with Google and Yahoo’s sender policies for all senders (if you’re a bulk sender, you also need DKIM and DMARC).
Now that you’ve set up SPF and you’re comfortable-ish with editing DNS settings for your domain, there are a few other things you should do to continue to improve your deliverability.
You can set up DKIM. It has an extra step that SPF doesn’t, but again just requires adding a TXT record to your domain.
You should set up DMARC. It works with SPF/DKIM and helps with deliverability. Once again, it just requires adding another TXT record to your domain.
And again, while you’re updating DNS records, you should set up a custom tracking domain. It’s a great way to help deliverability if you’re using open tracking, click tracking, or an unsubscribe link in your emails. It also requires adding a new record to your domain.
Finally, as I said earlier, setting up SPF authentication is just one piece of the deliverability puzzle.
99% of GMass users report the best deliverability they’ve ever had — because we’re doing everything we can on our end to improve your chances of getting to the inbox.
You can find out for yourself by signing up for a free trial of GMass where you can send up to 50 emails per day. And it’s incredibly easy to get started — just download the Chrome extension to start sending.