Record Existence

SPF is a method for authenticating email. By publishing a SPF record, you are declaring who is allowed to send valid email from your domain. This helps prevent forged emails from being sent from your domain and protects your customers from getting spam or phishing emails from your domain.

An SPF record is a DNS TXT record with a value that starts with "v=spf1". Your domain should only have one of these and it should be at the root level of your domain. In other words, the record name is blank. Here is an example:

v=spf1 a mx ip4:123.123.123.123 include:amazonses.com ~all

SPF has some flaws. For example, it breaks automated email forwarding. If your customer has all of their email forwarded from one email address to another, then the SPF validation will fail because their first email address is not a valid sender for your domain. Also, it is possible for a malicious sender to spoof your IP address, thus allowing them to pass the SPF check. It's still important to have a valid SPF record, but you should also use DKIM.

If you don't send email, you should create a minimal "v=spf1 -all" SPF record to tell recipients that nobody is allowed to send email from your domain.

To learn more about SPF and other email authentication mechanisms, please read our article on Best Practices for Sending Email.