SPF

SPF (Sender Policy Framework) is a DNS-based email authentication standard, defined in RFC 7208. The owner of a sending domain publishes a single TXT record listing which IP addresses or third-party services are authorised to send email "from" that domain. When a receiving mail server gets a message claiming to be from @yourcompany.com, it queries the SPF record at yourcompany.com and verifies whether the message originated from one of the listed IPs. If it did, SPF passes; if not, SPF fails.

The TXT record begins with v=spf1 and ends with an "all" qualifier:

v=spf1 include:amazonses.com -all

Common mechanisms:

• include:domain — recursively include another domain's SPF (used for ESPs).
• ip4:1.2.3.4 / ip6:::1 — explicit IP authorisation.
• a, mx — authorise the domain's A or MX record IPs.
• -all hard-fail (reject), ~all soft-fail (mark suspect), ?all neutral.

SPF caps the total number of recursive DNS lookups at 10 per evaluation (RFC 7208 §4.6.4). Each include:, a, mx, exists:, and redirect= consumes one lookup; nested includes count cumulatively. Stacking too many third-party services causes a permerror which most receivers treat as a failure. ip4: and ip6: mechanisms cost zero lookups, so collapse stale includes into explicit IP ranges when the count creeps past 7-8.

AcelleMail does not generate or sign SPF — that is a DNS-zone responsibility on the operator side. The setup pattern is: pick your sending vendor (Amazon SES is the recommended pairing per the /pricing page), publish an SPF record that includes their sending domain (include:amazonses.com for SES), point the AcelleMail sending server at the same vendor credentials, and the SPF chain is closed. The deeper walk-through with troubleshooting lives in the deliverability pillar guide.