Skip to content
D1
EN
Guides

Include mechanisms and third-party senders

include mechanisms third party senders · spf validator · v=spf1

Include mechanisms and third-party senders. SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors. DN01 returns parsed mechanisms, lookup estimates, warnings, and a shareable result URL for the same domain after DNS changes.

By DN01 Email Team

SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors. Each mechanism—include, ip4, ip6, mx, a, ptr, exists, or redirect—adds an authorization rule evaluated in order until a match or terminal all. include mechanisms and third-party senders. Receivers enforce a ten-DNS-lookup budget while evaluating includes and redirects; exceeding it causes permerror for strict parsers.

Each mechanism—include, ip4, ip6, mx, a, ptr, exists, or redirect—adds an authorization rule evaluated in order until a match or terminal all. Receivers enforce a ten-DNS-lookup budget while evaluating includes and redirects; exceeding it causes permerror for strict parsers. include mechanisms and third-party senders. Terminal all with -all rejects unauthorized mail, ~all soft-fails, ?all is neutral, and +all is dangerously permissive for production brands.

Receivers enforce a ten-DNS-lookup budget while evaluating includes and redirects; exceeding it causes permerror for strict parsers. Terminal all with -all rejects unauthorized mail, ~all soft-fails, ?all is neutral, and +all is dangerously permissive for production brands. include mechanisms and third-party senders. DMARC alignment requires the SPF authenticated domain to match the organizational From domain under relaxed or strict aspf modes.

Terminal all with -all rejects unauthorized mail, ~all soft-fails, ?all is neutral, and +all is dangerously permissive for production brands. DMARC alignment requires the SPF authenticated domain to match the organizational From domain under relaxed or strict aspf modes. include mechanisms and third-party senders. DN01 returns parsed mechanisms, lookup estimates, warnings, and a shareable result URL for the same domain after DNS changes.

DMARC alignment requires the SPF authenticated domain to match the organizational From domain under relaxed or strict aspf modes. DN01 returns parsed mechanisms, lookup estimates, warnings, and a shareable result URL for the same domain after DNS changes. include mechanisms and third-party senders. SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors.

Include mechanisms and third-party senders — 1

SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors. Receivers enforce a ten-DNS-lookup budget while evaluating includes and redirects; exceeding it causes permerror for strict parsers. DMARC alignment requires the SPF authenticated domain to match the organizational From domain under relaxed or strict aspf modes.

Each mechanism—include, ip4, ip6, mx, a, ptr, exists, or redirect—adds an authorization rule evaluated in order until a match or terminal all. Terminal all with -all rejects unauthorized mail, ~all soft-fails, ?all is neutral, and +all is dangerously permissive for production brands. DN01 returns parsed mechanisms, lookup estimates, warnings, and a shareable result URL for the same domain after DNS changes.

Include mechanisms and third-party senders — 2

Each mechanism—include, ip4, ip6, mx, a, ptr, exists, or redirect—adds an authorization rule evaluated in order until a match or terminal all. Terminal all with -all rejects unauthorized mail, ~all soft-fails, ?all is neutral, and +all is dangerously permissive for production brands. DN01 returns parsed mechanisms, lookup estimates, warnings, and a shareable result URL for the same domain after DNS changes.

Receivers enforce a ten-DNS-lookup budget while evaluating includes and redirects; exceeding it causes permerror for strict parsers. DMARC alignment requires the SPF authenticated domain to match the organizational From domain under relaxed or strict aspf modes. SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors.

Include mechanisms and third-party senders — 3

Receivers enforce a ten-DNS-lookup budget while evaluating includes and redirects; exceeding it causes permerror for strict parsers. DMARC alignment requires the SPF authenticated domain to match the organizational From domain under relaxed or strict aspf modes. SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors.

Terminal all with -all rejects unauthorized mail, ~all soft-fails, ?all is neutral, and +all is dangerously permissive for production brands. DN01 returns parsed mechanisms, lookup estimates, warnings, and a shareable result URL for the same domain after DNS changes. Each mechanism—include, ip4, ip6, mx, a, ptr, exists, or redirect—adds an authorization rule evaluated in order until a match or terminal all.

Include mechanisms and third-party senders — 4

Terminal all with -all rejects unauthorized mail, ~all soft-fails, ?all is neutral, and +all is dangerously permissive for production brands. DN01 returns parsed mechanisms, lookup estimates, warnings, and a shareable result URL for the same domain after DNS changes. Each mechanism—include, ip4, ip6, mx, a, ptr, exists, or redirect—adds an authorization rule evaluated in order until a match or terminal all.

DMARC alignment requires the SPF authenticated domain to match the organizational From domain under relaxed or strict aspf modes. SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors. Receivers enforce a ten-DNS-lookup budget while evaluating includes and redirects; exceeding it causes permerror for strict parsers.

Include mechanisms and third-party senders — 5

DMARC alignment requires the SPF authenticated domain to match the organizational From domain under relaxed or strict aspf modes. SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors. Receivers enforce a ten-DNS-lookup budget while evaluating includes and redirects; exceeding it causes permerror for strict parsers.

DN01 returns parsed mechanisms, lookup estimates, warnings, and a shareable result URL for the same domain after DNS changes. Each mechanism—include, ip4, ip6, mx, a, ptr, exists, or redirect—adds an authorization rule evaluated in order until a match or terminal all. Terminal all with -all rejects unauthorized mail, ~all soft-fails, ?all is neutral, and +all is dangerously permissive for production brands.

Include mechanisms and third-party senders
SignalMeaning
v=spf1SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors.
MechanismsEach mechanism—include, ip4, ip6, mx, a, ptr, exists, or redirect—adds an authorization rule evaluated in order until a match or terminal all.
Lookup limitReceivers enforce a ten-DNS-lookup budget while evaluating includes and redirects; exceeding it causes permerror for strict parsers.
Terminal allTerminal all with -all rejects unauthorized mail, ~all soft-fails, ?all is neutral, and +all is dangerously permissive for production brands.

Frequently asked questions

Include mechanisms and third-party senders

SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors. Each mechanism—include, ip4, ip6, mx, a, ptr, exists, or redirect—adds an authorization rule evaluated in order until a match or terminal all.

DN01

Receivers enforce a ten-DNS-lookup budget while evaluating includes and redirects; exceeding it causes permerror for strict parsers. DMARC alignment requires the SPF authenticated domain to match the organizational From domain under relaxed or strict aspf modes.

DMARC

DMARC alignment requires the SPF authenticated domain to match the organizational From domain under relaxed or strict aspf modes. DN01 returns parsed mechanisms, lookup estimates, warnings, and a shareable result URL for the same domain after DNS changes.

DNS

Each mechanism—include, ip4, ip6, mx, a, ptr, exists, or redirect—adds an authorization rule evaluated in order until a match or terminal all. Terminal all with -all rejects unauthorized mail, ~all soft-fails, ?all is neutral, and +all is dangerously permissive for production brands.