SPF

Also known as: Sender Policy Framework

SPF is a setting on your domain that lists which services are allowed to send email as your business — without it, anyone can pretend to be you and your real email is more likely to be junked.

What it is

SPF stands for Sender Policy Framework. It’s a single line of text added to your domain’s settings (its DNS records) that names the mail services allowed to send email using your name — for example your normal email provider, your invoicing app, or your newsletter tool.

When someone receives an email claiming to be from you, their mail provider (Gmail, Outlook, and the rest) checks your SPF line to see if the sending service is on the approved list. If it isn’t, the message is treated as suspect.

Why it matters to your business

Faking the “from” address on an email is trivially easy and costs a scammer nothing. SPF is the cheapest way to make your domain harder to impersonate — so criminals can’t as easily email your customers fake invoices or email your staff fake payment requests that look like they came from you.

It also keeps your own email out of the spam folder. Big providers now actively junk or reject mail from domains they can’t verify. No SPF, or a broken one, and your genuine quotes and invoices can quietly disappear into spam — you lose deals and never find out why.

How to tell / what to do

You can check your domain for free with our checker — it tells you in plain English whether SPF exists and whether it’s set strictly enough. If it’s missing or weak, the fix is one or two lines added to your domain settings by whoever runs your website or IT. It takes a few minutes and it’s always free. See the SPF fix guide.

Want to fix this on your own domain? See the free guide →