⚡ Folderly Flash Test my email →

Fix a failing SPF record

SPF (Sender Policy Framework) is a DNS record listing which servers may send mail for your domain. When it fails, mailbox providers treat your message as possibly forged — a direct hit to placement.

Why mailbox providers enforce this

SPF is one of the three pillars Gmail and Yahoo require from bulk senders. A `~all` softfail is tolerated but weak; a missing or broken SPF record means the receiver can't confirm your sending server is authorized, so DMARC can't align on SPF and your reputation suffers.

How to fix it

  1. Publish one SPF TXT record at the domain root, starting with v=spf1.
  2. Include every service that sends on your behalf (e.g. include:_spf.google.com, include:sendgrid.net).
  3. End with ~all (softfail) or -all (hardfail). Use -all once you're confident every sender is listed.
  4. Stay under 10 DNS lookups — too many include: statements cause a permerror that fails SPF entirely. Flatten if needed.
  5. Never publish more than one SPF record per domain; multiple records is itself a permerror.
Don't guess — measure it. Send one email to Folderly Flash and see exactly which checks pass or fail for your message, in 30 seconds. No signup.
Run a free test →

FAQ

What does SPF softfail mean?
A ~all softfail means 'mail from servers not listed is suspicious but accept it.' It passes SPF loosely. -all (hardfail) tells receivers to reject unlisted servers — stronger, but only safe once your record is complete.
Why does SPF pass but DMARC still fail?
DMARC requires alignment: the SPF-authenticated domain must match your visible From domain. If you send via an ESP whose envelope domain differs, SPF passes for the ESP but doesn't align with your From — so DMARC fails on SPF. DKIM alignment usually saves you here.

Related

Want a deliverability engineer to fix this for you? Hand it to Folderly →