SPF Record
Also known as: Sender Policy Framework, SPF DNS record
SPF (Sender Policy Framework) is a DNS TXT record published on a sending domain that lists the IP addresses and hostnames authorised to send email for that domain. When a receiving mail server gets a message claiming to be from your domain, it checks the SPF record. If the sending IP is not listed, the receiver can mark the message as suspect or reject it outright. SPF is one of the three core authentication standards alongside DKIM and DMARC.
An SPF record lives at the root of your domain's DNS as a TXT entry beginning with `v=spf1`. A typical record reads something like `v=spf1 include:_spf.google.com include:sendgrid.net -all`. The mechanisms after `v=spf1` enumerate which servers are allowed to send. `include:` references another domain's SPF policy (used to chain providers like Google Workspace, Microsoft 365, SendGrid, Mailgun). The qualifier at the end (`-all`, `~all`, `?all`) controls how strictly the receiver enforces the policy.
Why SPF matters in 2026
SPF on its own does not prove a message came from you. it only proves the sending IP was authorised. Modern deliverability requires SPF, DKIM, and DMARC together. But misconfigured SPF is still the most common cause of legitimate cold-outbound mail landing in spam. Three patterns repeatedly cause inbox-placement problems:
- Too many includes. SPF has a 10-DNS-lookup limit. Chaining four or five `include:` mechanisms blows past it and the record fails to evaluate. Receivers treat the result as no SPF at all.
- Soft fail by default. A `~all` ending tells the receiver to "mark suspect, don't reject" when the IP is not listed. For cold-outbound, this is rarely strict enough. `-all` (hard fail) is the right ending for a domain that knows its full sender list.
- Missing the outbound sender. Teams adding a new tool (Saleshandy, Apollo, Outsolvi) to send from their domain forget to update SPF. The new tool's IPs are unauthorised and the messages get downgraded.
Common misconceptions
"SPF alone is enough." No. SPF can be spoofed by anyone who sends from an authorised IP. DKIM signs the message body and DMARC ties SPF and DKIM to the visible From address. all three are required to land cold-outbound at scale.
"SPF affects open tracking." Indirectly. Open tracking pixels are loaded from the tracker's domain (`tracker.outsolvi.com`, etc.), not yours. SPF on your domain does not authenticate the tracking pixel request. But if SPF is misconfigured and your email lands in spam, the recipient never sees the email and no open fires regardless of the tracker.
Frequently asked questions
Can I have more than one SPF record?+
No. RFC 7208 specifies one SPF record per domain. Two SPF records cause receiving servers to treat SPF as permerror and ignore both. Multiple sending services must be combined into a single record with `include:` mechanisms.
What is the 10-lookup limit?+
SPF must resolve in 10 DNS lookups or fewer. Each `include:`, `a`, `mx`, `ptr`, and `exists` mechanism counts. Hitting the limit causes a permerror and the receiving server ignores SPF entirely. Tools like dmarcian or MxToolbox count the lookups for you.
Does Outsolvi require an SPF change?+
No. Outsolvi tracks open and click events on a tracking subdomain; it does not send mail on your behalf. Your sending platform (Google Workspace, Microsoft 365, your cold-outbound tool) is what SPF authorises. Outsolvi's tracking is independent of SPF.
Put this concept into practice
Free tools, articles, and features on this same topic.
Related glossary terms
Want accurate tracking that handles SPF Record?
Outsolvi tracks Outlook and Gmail with Tier 1 to 5 confidence scoring on opens, hot-lead detection, and AI reply sentiment at $7/user/mo billed yearly. 14-day free trial, no credit card.
Start 14-Day Free TrialNate built Outsolvi after watching every email-tracking tool he had ever used lie to him about opens. Outsolvi runs Tier 1 to 5 confidence scoring on every open, native in Outlook and Gmail, so the number on the dashboard is one a rep can actually act on.
We update these pages when the underlying mechanics change. new mailbox-provider rules, new tracker behavior, new measurement gaps. The dates above are real revisions, not auto-touches.