Home / Tools / Set up SPF record to authenticate your sending domain
Email Deliverability · Scan Check Guide

Set up SPF record to authenticate your sending domain

20 min Impact: high Effort: medium ✓ Scan-verified — no manual checkbox

SPF (Sender Policy Framework) is a DNS record listing exactly which mail servers are authorized to send email on behalf of your domain — without it, anyone can send email that claims to be from you, and receiving mail servers have no way to tell the difference.

SPF tells mail servers which servers are authorized to send email from your domain. Without it, your emails land in spam AND anyone can spoof your domain to phish your customers.

How to fix it

  1. 1
    List every service that legitimately sends email as your domain
    Your main mail provider, plus any marketing tools, transactional email services, or CRMs that send on your behalf.
  2. 2
    Build the SPF record
    v=spf1 include:_spf.yourmailprovider.com include:othertool.com ~all — each legitimate sender gets an include, ending with ~all (soft fail) or -all (hard fail).
  3. 3
    Add it as a TXT record
    Add this exact string as a TXT record at your domain's root in your DNS settings.
  4. 4
    Verify it validates
    Use an SPF checker to confirm the record is syntactically correct — a broken SPF record can be worse than none at all.

Common mistakes

How you'll know it's done

A valid SPF record lists every legitimate sending service and ends with an appropriate all mechanism.

Tools that help

H.I.V.E. checks this automatically

Fix it, then re-scan — the check confirms itself. No manual checkbox, the scan is the truth.

Run this check in H.I.V.E. →