SPF
Sender Policy Framework - a DNS-based email authentication protocol.
1 min readLast updated Apr 2026
Quick Reference
CategoryEmail Marketing & Klaviyo
Related Terms2
Sender Policy Framework - a DNS-based email authentication protocol.
Why It Matters
SPF tells receiving servers which IP addresses are authorized to send email on behalf of your domain. Without SPF, anyone can spoof your domain—and receiving servers may reject or spam-filter legitimate emails. SPF is the first layer of email authentication and is now required by Gmail and Yahoo.
Practical Example
Scenario
A furniture brand's emails start landing in spam. Investigation reveals their SPF record is missing their ESP (Klaviyo) as an authorized sender.
Calculation
Emails from Klaviyo's servers fail SPF checks because the domain doesn't authorize themResult
After adding Klaviyo's include statement to their SPF record, deliverability recovers within 48 hours.
Pro Tips
- 1Include all legitimate sending sources: your ESP, transactional email service, CRM, etc.
- 2Use 'include:' statements for third-party services rather than listing IPs directly
- 3Keep SPF records under the 10 DNS lookup limit (use SPF flattening if needed)
- 4End with '-all' (hard fail) for strictest protection, or '~all' (soft fail) during testing
Common Mistakes to Avoid
Forgetting to add new email services to SPF when onboarding them
Exceeding the 10 DNS lookup limit, which causes SPF to fail entirely
Using '+all' which allows anyone to send as your domain