SPF is a standard email authentication method. SPF helps protect your domain against spoofing, and helps prevent your outgoing messages from being marked as spam by receiving servers. SPF specifies the mail servers that are allowed to send email for your domain. Receiving mail servers use SPF to verify that incoming messages that appear to come from your domain were sent by servers authorized by you.
Without SPF, messages sent from your organization or domain are more likely to be marked as spam by receiving mail servers.
Email authentication requirements for sending to Gmail accounts
Starting November 2022, new senders who send email to personal Gmail accounts must set up either SPF or DKIM. Google performs random checks on new sender messages to personal Gmail accounts to verify they’re authenticated. Messages without at least one of these authentication methods will be rejected with a 5.7.26 error, or marked as spam. This requirement doesn’t apply to you if you’re an existing sender. However, we recommend you always set up SPF and DKIM to protect your organization’s email and to support future authentication requirements. If you need help setting up email authentication for your organization, contact your email service provider.
Get started
Go to the steps for setting up SPF.
Email authentication for Gmail
In addition to SPF, we recommend that you set up DKIM and DMARC. These authentication methods provide more security for your domain, and help ensure messages from your domain are delivered as expected. For more information on DKIM and DMARC, go to Help prevent spoofing, phishing, and spam.
Video: Why set up email authentication?
Why set up email Authentication?
Email authentication helps prevent messages your organization sends from being flagged as spam.
Video: What are SPF and DKIM
SPF and DKIM help prevent spammers from impersonating your organization.
How SPF protects against spoofing and spam
Helps prevent spoofing
Spammers can forge your domain or organization to send fake messages that appear to come from your organization. This is called spoofing. Spoofed messages can be used for malicious purposes. For example spoofed messages can spread false information, send harmful software, or trick people into giving out sensitive information. SPF lets receiving servers verify that mail that appears to come from your domain is authentic, and not forged or spoofed.
To further protect against spoofing and other malicious email activity, we recommend you also set up DKIM and DMARC.Helps deliver messages to recipients' inboxes
SPF helps prevent messages from your domain from being delivered to spam. If your domain doesn’t use SPF, receiving mail servers can’t verify that messages that appear to be from your domain actually are from you.
Without SPF, receiving servers might send your valid messages to recipients' spam folders, or might reject valid messages.
What you need to do
|
|
|
|
|
Before you set up SPF
For details, go to Before you set up SPF. |
|
|
|
|
|
Define your SPF record—BasicTip: This article is for people who don't have experience setting up SPF or email servers.
For details, go to Define your SPF record—Basic setup. |
|
|
|
|
|
Define your SPF record—AdvancedTip: This article is for IT professionals and people who have experience setting up email servers.
For details, go to Define your SPF record—Advanced setup. |
|
|
|
|
|
Add your SPF record at your domain provider
For details, go to Add your SPF record at your domain provider. |
|
|
|
|
|
Troubleshoot SPF issues
For details, go to Troubleshoot SPF issues. |
|
|
|
