SPF (Sender Policy Framework) is an essential email authentication method that prevents your messages from being marked as spam. In this article, we explain what SPF is, why it's important, and how to set it up correctly.

What is SPF?

SPF is a DNS record that indicates which mail servers are allowed to send email on behalf of your domain. When a receiving mail server gets an email, it checks the SPF record to verify that the sending server is authorized.

Why is SPF important?

• Prevents spam marking of your legitimate emails
• Protects against spoofing - others can't easily pretend to be you
• Improves deliverability - your emails arrive better
• Required by major providers - Gmail, Outlook and others check SPF

Checking your current SPF record

Via MXToolbox

1. Go to mxtoolbox.com/spf.aspx
2. Enter your domain (for example: yourdomain.com)
3. Click "SPF Record Lookup"
4. You'll see your current SPF record and any issues

Via terminal

dig TXT yourdomain.com +short | grep spf

or

nslookup -type=txt yourdomain.com

Creating or modifying SPF record

Step 1: Identify your mail servers

Determine which servers send email on behalf of your domain:

• Your hosting mail server (Theory7)
• External services (Mailchimp, SendGrid, Google Workspace, etc.)
• Your own applications that send email

Step 2: Build your SPF record

An SPF record always starts with v=spf1 and ends with an action (-all, ~all, etc.).

Basic SPF for Theory7 hosting:

v=spf1 include:_spf.theory7.net ~all

With extra services:

v=spf1 include:_spf.theory7.net include:_spf.google.com include:servers.mcsv.net ~all

SPF mechanisms explained

SPF qualifiers (actions)

Step 3: Add SPF record in DirectAdmin

1. Log in to DirectAdmin
2. Go to DNS Management
3. Look for existing TXT records with "spf"
4. If there's already an SPF record: Edit this record
5. If there's no SPF record: Add a new TXT record

Fill in the fields:

• Name/Host: Leave empty or enter @ (for the main domain)
• Type: TXT
• Value: Your SPF record (e.g.: v=spf1 include:_spf.theory7.net ~all)
• TTL: 3600 (1 hour) or default

6. Save and wait 1-24 hours for DNS propagation

Fixing common SPF errors

"SPF record not found"

Cause: No SPF record is configured.

Solution: Add an SPF record as described above.

"Too many DNS lookups"

Cause: SPF allows a maximum of 10 DNS lookups. Each include: counts as a lookup.

Solution:

• Combine where possible
• Replace include: with direct IPs where possible
• Use an SPF flattening service

"Multiple SPF records"

Cause: You have more than one SPF record. This is not allowed.

Solution: Combine all SPF rules into one record.

Wrong:

v=spf1 include:_spf.google.com ~all
v=spf1 include:_spf.theory7.net ~all

Correct:

v=spf1 include:_spf.google.com include:_spf.theory7.net ~all

"SPF PermError"

Cause: Syntax error in your SPF record.

Solution: Check for typos, missing spaces, or wrong order.

SPF for popular services

Google Workspace / Gmail

include:_spf.google.com

Microsoft 365

include:spf.protection.outlook.com

Mailchimp

include:servers.mcsv.net

SendGrid

include:sendgrid.net

Complete example

If you use Theory7 hosting + Google Workspace + Mailchimp:

v=spf1 include:_spf.theory7.net include:_spf.google.com include:servers.mcsv.net ~all

Testing SPF

After setup

1. Wait for DNS propagation (1-24 hours)
2. Test with MXToolbox: mxtoolbox.com/spf.aspx
3. Send a test email to a Gmail address
4. Check the headers - look for "spf=pass"

Checking headers in Gmail

1. Open the received test email in Gmail
2. Click the three dots on the right > "Show original"
3. Look for the line with "SPF"
4. You want to see: spf=pass

SPF and DKIM/DMARC

SPF works best in combination with:

• DKIM - Digital signature for your emails
• DMARC - Policy that combines SPF and DKIM

Together they form the gold standard for email authentication.

Need help?

We're here for you! Running into issues or have questions? Our support team is happy to help you personally. Drop us a message through the ticket system - we usually respond within a few hours and love helping you find the best solution.