SPF TXT record basics at the domain apex
spf txt record basics · spf validator · v=spf1
SPF TXT record basics at the domain apex. SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors. DN01 returns parsed mechanisms, lookup estimates, warnings, and a shareable result URL for the same domain after DNS changes.
By DN01 Email Team
SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors. Each mechanism—include, ip4, ip6, mx, a, ptr, exists, or redirect—adds an authorization rule evaluated in order until a match or terminal all. spf txt record basics at the domain apex. Receivers enforce a ten-DNS-lookup budget while evaluating includes and redirects; exceeding it causes permerror for strict parsers.
Each mechanism—include, ip4, ip6, mx, a, ptr, exists, or redirect—adds an authorization rule evaluated in order until a match or terminal all. Receivers enforce a ten-DNS-lookup budget while evaluating includes and redirects; exceeding it causes permerror for strict parsers. spf txt record basics at the domain apex. Terminal all with -all rejects unauthorized mail, ~all soft-fails, ?all is neutral, and +all is dangerously permissive for production brands.
Receivers enforce a ten-DNS-lookup budget while evaluating includes and redirects; exceeding it causes permerror for strict parsers. Terminal all with -all rejects unauthorized mail, ~all soft-fails, ?all is neutral, and +all is dangerously permissive for production brands. spf txt record basics at the domain apex. DMARC alignment requires the SPF authenticated domain to match the organizational From domain under relaxed or strict aspf modes.
Terminal all with -all rejects unauthorized mail, ~all soft-fails, ?all is neutral, and +all is dangerously permissive for production brands. DMARC alignment requires the SPF authenticated domain to match the organizational From domain under relaxed or strict aspf modes. spf txt record basics at the domain apex. DN01 returns parsed mechanisms, lookup estimates, warnings, and a shareable result URL for the same domain after DNS changes.
DMARC alignment requires the SPF authenticated domain to match the organizational From domain under relaxed or strict aspf modes. DN01 returns parsed mechanisms, lookup estimates, warnings, and a shareable result URL for the same domain after DNS changes. spf txt record basics at the domain apex. SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors.
SPF TXT record basics at the domain apex — 1
SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors. Receivers enforce a ten-DNS-lookup budget while evaluating includes and redirects; exceeding it causes permerror for strict parsers. DMARC alignment requires the SPF authenticated domain to match the organizational From domain under relaxed or strict aspf modes.
Each mechanism—include, ip4, ip6, mx, a, ptr, exists, or redirect—adds an authorization rule evaluated in order until a match or terminal all. Terminal all with -all rejects unauthorized mail, ~all soft-fails, ?all is neutral, and +all is dangerously permissive for production brands. DN01 returns parsed mechanisms, lookup estimates, warnings, and a shareable result URL for the same domain after DNS changes.
SPF TXT record basics at the domain apex — 2
Each mechanism—include, ip4, ip6, mx, a, ptr, exists, or redirect—adds an authorization rule evaluated in order until a match or terminal all. Terminal all with -all rejects unauthorized mail, ~all soft-fails, ?all is neutral, and +all is dangerously permissive for production brands. DN01 returns parsed mechanisms, lookup estimates, warnings, and a shareable result URL for the same domain after DNS changes.
Receivers enforce a ten-DNS-lookup budget while evaluating includes and redirects; exceeding it causes permerror for strict parsers. DMARC alignment requires the SPF authenticated domain to match the organizational From domain under relaxed or strict aspf modes. SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors.
SPF TXT record basics at the domain apex — 3
Receivers enforce a ten-DNS-lookup budget while evaluating includes and redirects; exceeding it causes permerror for strict parsers. DMARC alignment requires the SPF authenticated domain to match the organizational From domain under relaxed or strict aspf modes. SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors.
Terminal all with -all rejects unauthorized mail, ~all soft-fails, ?all is neutral, and +all is dangerously permissive for production brands. DN01 returns parsed mechanisms, lookup estimates, warnings, and a shareable result URL for the same domain after DNS changes. Each mechanism—include, ip4, ip6, mx, a, ptr, exists, or redirect—adds an authorization rule evaluated in order until a match or terminal all.
SPF TXT record basics at the domain apex — 4
Terminal all with -all rejects unauthorized mail, ~all soft-fails, ?all is neutral, and +all is dangerously permissive for production brands. DN01 returns parsed mechanisms, lookup estimates, warnings, and a shareable result URL for the same domain after DNS changes. Each mechanism—include, ip4, ip6, mx, a, ptr, exists, or redirect—adds an authorization rule evaluated in order until a match or terminal all.
DMARC alignment requires the SPF authenticated domain to match the organizational From domain under relaxed or strict aspf modes. SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors. Receivers enforce a ten-DNS-lookup budget while evaluating includes and redirects; exceeding it causes permerror for strict parsers.
SPF TXT record basics at the domain apex — 5
DMARC alignment requires the SPF authenticated domain to match the organizational From domain under relaxed or strict aspf modes. SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors. Receivers enforce a ten-DNS-lookup budget while evaluating includes and redirects; exceeding it causes permerror for strict parsers.
DN01 returns parsed mechanisms, lookup estimates, warnings, and a shareable result URL for the same domain after DNS changes. Each mechanism—include, ip4, ip6, mx, a, ptr, exists, or redirect—adds an authorization rule evaluated in order until a match or terminal all. Terminal all with -all rejects unauthorized mail, ~all soft-fails, ?all is neutral, and +all is dangerously permissive for production brands.
| Signal | Meaning |
|---|---|
| v=spf1 | SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors. |
| Mechanisms | Each mechanism—include, ip4, ip6, mx, a, ptr, exists, or redirect—adds an authorization rule evaluated in order until a match or terminal all. |
| Lookup limit | Receivers enforce a ten-DNS-lookup budget while evaluating includes and redirects; exceeding it causes permerror for strict parsers. |
| Terminal all | Terminal all with -all rejects unauthorized mail, ~all soft-fails, ?all is neutral, and +all is dangerously permissive for production brands. |
Frequently asked questions
- SPF TXT record basics at the domain apex
SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors. Each mechanism—include, ip4, ip6, mx, a, ptr, exists, or redirect—adds an authorization rule evaluated in order until a match or terminal all.
- DN01
Receivers enforce a ten-DNS-lookup budget while evaluating includes and redirects; exceeding it causes permerror for strict parsers. DMARC alignment requires the SPF authenticated domain to match the organizational From domain under relaxed or strict aspf modes.
- DMARC
DMARC alignment requires the SPF authenticated domain to match the organizational From domain under relaxed or strict aspf modes. DN01 returns parsed mechanisms, lookup estimates, warnings, and a shareable result URL for the same domain after DNS changes.
- DNS
Each mechanism—include, ip4, ip6, mx, a, ptr, exists, or redirect—adds an authorization rule evaluated in order until a match or terminal all. Terminal all with -all rejects unauthorized mail, ~all soft-fails, ?all is neutral, and +all is dangerously permissive for production brands.