Build an SPF record to authorize your email senders, or check any domain's existing SPF configuration.
SPF (Sender Policy Framework) is a DNS TXT record that specifies which mail servers are authorized to send email on behalf of your domain. Receiving servers check SPF records to verify that incoming mail from a domain comes from a host authorized by that domain's administrators. Without SPF, anyone can forge your domain in the "From" address.
An SPF record starts with v=spf1, followed by mechanisms that define allowed senders. Common mechanisms include include: (authorize third-party services like Google or Microsoft), ip4: and ip6: (authorize specific IP addresses), a (authorize the addresses in the domain's A record), and mx (authorize the domain's mail servers). It ends with an all mechanism, whose qualifier defines the default action.
The qualifier on the final all mechanism defines what happens to emails from unlisted senders. -all (hard fail) rejects unauthorized emails outright. ~all (soft fail) marks them as suspicious but still delivers them. ?all (neutral) takes no action. +all allows everything and is not recommended. Most organizations should use -all for the strictest protection.
SPF records are limited to 10 DNS lookups during validation. Each include:, a, mx, and ptr mechanism, and the redirect modifier, triggers a lookup. If your record exceeds 10 lookups, SPF validation will fail with a "permerror". To fix this, reduce includes, use ip4/ip6 instead of hostnames, or flatten your SPF record.
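The 10-lookup limit and the flattening fix described above, as an added example that is not code from this page or its tool: it counts lookup-triggering terms across nested include: and redirect records and reports permerror past the limit. The domains and records in ZONE and FLATTENED are constructed, the function names are hypothetical, and exists is counted as well, as RFC 7208 specifies.

```python
import re

LOOKUP_LIMIT = 10  # limit stated above; exceeding it yields "permerror"
# Terms that cost a DNS lookup: the ones listed above, plus "exists" (RFC 7208).
TERM = re.compile(
    r"^[+\-~?]?(include|a|mx|ptr|exists|redirect)(?:[:=]([^/\s]+))?(?:/\S*)?$", re.I)

# Constructed sample data: hypothetical domains mapped to their SPF TXT records.
ZONE = {
    "example.test": "v=spf1 mx a include:_spf.mail.test include:_spf.crm.test "
                    "include:_spf.news.test ip4:192.0.2.10 -all",
    "_spf.mail.test": "v=spf1 include:_nb1.mail.test include:_nb2.mail.test "
                      "include:_nb3.mail.test ~all",
    "_nb1.mail.test": "v=spf1 ip4:198.51.100.0/26 ~all",
    "_nb2.mail.test": "v=spf1 ip4:198.51.100.64/26 ~all",
    "_nb3.mail.test": "v=spf1 ip4:198.51.100.128/26 ~all",
    "_spf.crm.test": "v=spf1 a:out.crm.test include:_pool.crm.test ~all",
    "_pool.crm.test": "v=spf1 ip4:203.0.113.0/24 ~all",
    "_spf.news.test": "v=spf1 mx:news.test ~all",
}

# Constructed: same senders after flattening the mail provider's includes to ip4.
FLATTENED = {**ZONE,
    "example.test": "v=spf1 mx a ip4:198.51.100.0/26 ip4:198.51.100.64/26 "
                    "ip4:198.51.100.128/26 include:_spf.crm.test "
                    "include:_spf.news.test ip4:192.0.2.10 -all"}

def count_lookups(domain, zone, path=()):
    """Worst-case lookup count for a record (real evaluation stops at first match)."""
    if domain in path:  # include/redirect loop: stop descending
        return 0
    total = 0
    for term in zone.get(domain, "").split()[1:]:  # skip the v=spf1 tag
        m = TERM.match(term)
        if not m:
            continue  # ip4:, ip6: and all need no lookup
        total += 1
        name, target = m.group(1).lower(), m.group(2)
        if name in ("include", "redirect") and target:
            total += count_lookups(target.lower(), zone, path + (domain,))
    return total

def check(domain, zone):
    """Return (result, lookups); result is 'permerror' once the limit is exceeded."""
    n = count_lookups(domain, zone)
    return ("permerror" if n > LOOKUP_LIMIT else "ok", n)

if __name__ == "__main__":
    print(check("example.test", ZONE), check("example.test", FLATTENED))
```

Nested includes are what push the original record over the limit: the top-level record has only five lookup terms, but the records it pulls in add six more.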

