SPF Record Syntax
The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery.
“v=spf1 -all”If a mechanism results in a hit, its qualifier value is used. The default qualifier is “+“, i.e. “Pass”. For example:
"v=spf1 a -all"
"v=spf1 a mx -all"
"v=spf1 +a +mx -all"
Mechanisms are evaluated in order. If no mechanism or modifier matches, the default result is “Neutral”.
If a domain has no SPF record at all, the result is “None”. If a domain has a temporary error during DNS processing, you get the result “TempError” (called “error” in earlier drafts). If some kind of syntax or evaluation error occurs (eg. the domain specifies an unrecognized mechanism) the result is “PermError” (formerly “unknown”).
Evaluation of an SPF record can return any of these results:
|Pass||The SPF record designates the host to be allowed to send||accept|
|Fail||The SPF record has designated the host as NOT being allowed to send||reject|
|SoftFail||The SPF record has designated the host as NOT being allowed to send but is in transition||accept but mark|
|Neutral||The SPF record specifies explicitly that nothing can be said about validity||accept|
|None||The domain does not have an SPF record or the SPF record does not evaluate to a result||accept|
|PermError||A permanent error has occured (eg. badly formatted SPF record)||unspecified|
|TempError||A transient error has occured||accept or reject|
The “ip4” mechanism
The argument to the “ip4:” mechanism is an IPv4 network range. If no prefix-length is given, /32 is assumed (singling out an individual host address).
“v=spf1 ip4:192.168.0.1/16 -all”
Allow any IP address between 192.168.0.1 and networks