Document information

Document ID:4555
Subject:Sender Policy Framework (SPF)
Creation date:12/14/15 4:35 PM
Last modified on:8/13/18 11:26 AM

Sender Policy Framework (SPF)

Sender Policy Framework (SPF), formerly Sender Permitted From, is an extension to the SMTP standard. SPF makes it easy to counter most forged "From" email addresses, and helps counter e-mail spam. The combination is also called SMTP+SPF.

How SPF works

SPF is a mechanism where domain owners announce where an email can come from, for their domain. This announcement is done through a DNS server. For example, Microsoft exposes their SPF record in their DNS, which lists a set of IP addresses where an email can originate if the domain name is If a message comes from any other IP address it should be considered as a forgery.

Creating an SPF record for your domain

Xeams comes with an SPF wizard that allows you to create an SPF string. Once the string is created, you need to create a TXT record in your DSN with this string. The following steps show you how to use this wizard.
  • Log in to the Admin Console
  • Click Tools on the main menu (Do not click any item in the pop-up menu - click Tools itself)
  • Scroll down and type your domain name for SPF Wizard and click Proceed
  • The generated string must be added in your DNS server as a TXT record

Screenshot for SPF wizard


Here are some examples if you wish to create records manually.

Example 1:

Assume every outbound email goes through your email server. In that case, your SPF record will look like:
v=spf1 mx ~all

Example 2:

Assume you have a third-party company that sends outbound emails on your behalf and their public IP address is In that case, your SPF record will look like:
v=spf1 mx ip4: ~all

Example 3:

Taking the above examples one step further, assume you have outsourced your HR department to another company that also uses SPF and can send emails on your behalf. The domain name of that company is In that case, the SPF record will become:
v=spf1  mx ip4: ~all
Notice the ending ~all at the end of each record. This means a SOFTFAIL. An alternative approach is to use a -all, which indicates a FAIL. Receiving server will most likely reject any incoming message that fails an SPF test and see a -all in the SPF record. Further analysis will be performed when a ~all is used before considering it a forged message.

Related Links

User comments

Posted by Gert Jürgensen on 9/23/16 2:51 AM

YES DKIM added Thanks, please also add DMARC And even better add fields/items on message that make it possible in WEBMAIL or Email Clients to see this message has this status/remark for Antivirus SPF DKIM DMARC Example: DMARC - No DKIM, but maybe legit, as SPF are okay.

Posted by Cassio Simoes on 8/20/16 3:45 PM

+1 for dkim, is it supported?

Posted by Joel Simwinga on 8/16/16 9:04 AM

Hi, this post is not so clear, especially after the below points; "Scroll down and type your domain name for SPF Wizard and click Proceed" "The generated string must be added in your DNS server as a TXT record" Are you able to be more precise?

Posted by David Moore on 11/13/15 9:39 PM

What about DKIM? Can Xeams validate DKIM? I am just learning about DKIM and am looking to put it in place. However I am not 100% how it is truely useful in validation.

Posted by Peter on 12/21/16 3:11 PM

For SPF Record, I type my domain name and click Proceed. The next page says "NS Record" and shows some values. How do I add, change, or delete values for NS record?

Posted by Alex on 8/23/16 10:28 AM

Hello, can you tell us is DKIM is supported by XEAMS? If yes How can we depploy it? Thanks

Posted by Vojtech on 9/21/16 2:43 PM

Truth be told, DKIM and DMARC are really necessary feature nowadays. This is something that would really help to filter spam messages a lot.

Add a comment to this document

Do you have a helpful tip related to this document that you'd like to share with other users? Please add it below. Your name and tip will appear at the end of the document text.
Your name:
Your email:
Hide my email address
Verification code:
Enter the verification code you see above more submitting your tip
Tip:Please limit tips to 1000 characters