What is the difference between SPF results and SPF?

What is the difference between SPF results and SPF?

SPF Stands for Sender Policy Framework, it assists in adding restrictions on your DNS server and defines who can send email from your domain. Besides, SPF plays a vital role in preventing domain spoofing as it doesn’t allow unauthorized sources to use your domain.

SPF results depend on whether the sending server is authorized in the SPF record.
SPF depends on the policy (relaxed or strict).

In the sources section, you will see that there are two SPF columns, here is a breakdown of what these two columns mean:


  • SPF domain: This column is the domain specified in your mail header as the return path header, envelope address or bounce address.

  • From domain: This is the sending email address the recipient will receive email from. It will appear as the from domain in the email header.


  • SPF results: This column checks if your SPF domain is authorized to use the particular source to send email or not. It will display Pass if the sending server’s IP address is authorized by the SPF record published in the DNS of the SPF domain.


  • SPF: This column will pass if your From domain and SPF domain are aligned, and if they abide by the set SPF policy. If the return-path domain aligns with the From domain, SPF is considered aligned. Next, it checks if they follow the below SPF policy:


Relaxed policy (alignment):

In this policy SPF domain and From domain must be an exact match or a parent/child match. This policy allows a subdomain to be used and still meet the domain alignment requirement.



SPF domain

From domain

SPF 

mail.example.com

example.com

pass

example.mail.com

example.com

fail

example.com

example.com

pass



Strict policy (alignment):

In this policy SPF domain and From domain must be an exact match for the SPF to pass.



SPF domain

From domain

SPF 

mail.example.com

example.com

fail

example.mail.com

example.com

fail

example.com

example.com

pass

mail.example.com

mail.example.com

pass



DMARC passes if either SPF or DKIM passes and is aligned with the From domain.



    • Related Articles

    • How Is DMARC Records Different From SPF And DKIM?

      SPF (Sender Policy Framework) is a DNS TXT record that defines which mail servers are authorized to send emails on behalf of a specific domain. It helps prevent unauthorized systems from spoofing your domain. Since SPF is published in DNS, only the ...

    • What is the difference between DKIM results and DKIM?

      DKIM (DomainKeys Identified Mail) is an email authentication method which makes sure your messages aren’t altered during the transaction between the sending and recipient servers. Typically, DKIM provides a key and signature that makes a user ...

    • SPF DNS Lookup Limit?

      SPF DNS Lookup Limit – “Too many DNS lookups” error Due to the SPF specification limit, the maximum number of DNS lookups allowed is 10. The SPF will fail if your SPF record results in more than 10 DNS lookups. The mechanisms which are counted ...

    • Can We Setup DMARC Using SPF?

      Yes, you can set up DMARC without DKIM and even if you only have DMARC and SPF setup. In cases where the DKIM check fails, DMARC authentication is dependent on the SPF check and SPF identifier alignment, which works but is not that optimal. DMARC ...

    • How to Setup SPF for Forcepoint-Websense?

      Forcepoint-Websense supports SPF email authentication protocol. For sending DMARC compliant emails via Forcepoint, you would need to verify your domain on your Forcepoint account and publish a DNS TXT record that includes Forcepoint. Follow the steps ...