SPF mail, does that mean anything to you? No, it’s not a new sunscreen for your inbox, but rather the invisible shield that protects your emails (and your reputation) every time you send one. 📨
Imagine for a second: your ICPs are ready, your content makes people want to book a call with you, and yet your emails disappear into thin air, aka the spam folder… 🕳️
The cause? Often a poorly configured or even non-existent SPF.
That’s why we’re here, to show you how this protocol can save your multi-channel prospecting campaigns, boost your response rates, and improve your domain reputation! 😇
Don’t worry, you don’t need to be a professional. This guide is designed for sales ops, marketers, founders, or anyone else who wants to understand how SPF, DKIM, DMARC, and everything else works without spending all night on it. 🌚
Ready to take it to the next level? Let’s go! (Reading time: 7 minutes). 🚀
What is SPF mail?
SPF mail, or Sender Policy Framework, is an email authentication protocol. It allows a domain name (e.g., yourcompany.com) to publicly declare:
« These are the servers authorized to send emails on my behalf. » 👀This declaration is made via a TXT record in your domain’s DNS. It’s a kind of whitelist.
Basically, if a server tries to send an email without being on the list, it may be blocked, marked as spam… or ignored. 🙈
Okay, but how does it work? 🤔
Let’s visualize the scene.
Imagine a bouncer at the entrance to each email inbox (Gmail, Outlook, Orange, etc.). When an email arrives, they check:
“ Is this server on the domain’s SPF list? ”:- Yes → he lets it in (and potentially into the inbox).
- No → it goes to the spam folder, or is simply rejected.
SPF does not look at the content of the message, just the server that sends it.
But then, what exactly is it for? 🧐
In practical terms, SPF allows you to:
- Prevent your emails from ending up in spam.
- Prevent spoofing of your domain.
- Improve your sender reputation.
- Boost the deliverability of your email campaigns and cold emails.
As you can see, an email that doesn’t make it to the inbox means a failed campaign. 🫠
Why is SPF crucial for your campaigns?
Let’s not beat around the bush: without SPF, there’s no guarantee that your emails will reach the inbox.
And we’re talking about all your mailings, including prospecting, marketing, support, and billing. 💸
Without SPF, expect:
- Skyrocketing bounce rates (your emails are simply rejected).
- Invisible campaigns (spam or promotions tab).
- A plummeting sender reputation.
- Spoofing/phishing risks (someone can send emails pretending to be you).
On the business side, this is not ideal: ⤵️
fewer opens → fewer clicks → fewer responses → fewer qualified leads.
Another important thing to know: in France, French ISPs (Orange, Free, SFR, etc.) are particularly strict when it comes to anti-spam rules.
If you don’t have SPF, they won’t hesitate to block or blacklist your domain… ✋
The limitations and pitfalls of SPF
Now that you understand the importance of SPF, you need to know what mistakes to avoid before configuring it. ⤵️
| Common mistake | What it causes | What to do |
|---|---|---|
| Too many services included | SPF exceeds the limit → your emails are rejected | Limit to 10 entries, combine intelligently |
| Bad copy-paste | One mistake = SPF unusable | Check the syntax (using a tool such as MXToolbox) |
| Multiple SPFs created | The DNS only keeps one → conflict! | Only one SPF with all services listed |
| Addition of an undeclared tool | Emails sent from this service are blocked | Update the SPF with each new tool |
| Email redirection | SPF fails on transfers | Also rely on DKIM + DMARC |
-all Too strict | All unlisted emails are rejected | Prioritize ~all unless you are 100% sure |
How to properly configure an SPF record?
Configuring an SPF email isn’t that complicated, as long as you know where to click and what to write.
That’s why we’re giving you an exclusive look at the steps to get a clean and effective SPF. 👇🏼
Step 1: List all your sending services
Before changing anything, start by listing all the tools that send emails using your domain. For example:
- Gmail/Google Workspace.
- Your prospecting tool (hello Waalaxy).
- Your CRM (Hubspot, Pipedrive, etc.).
- A marketing tool (MailerLite, Brevo).
- A support tool (Zendesk, Crisp).
The goal here is to not forget anything, otherwise some emails will be blocked.
Step 2: Create or modify the SPF record in your DNS
Go to where you manage your domain name (OVH, Gandi, GoDaddy, Google Domains, etc.) and do the following:
- Look for the DNS section.
- Add a TXT record.
- Enter your SPD line (or modify the existing one).
Step 3: Write a clean SPF line
An SPF record always begins with:
v=spf1
Then add your services with include:, and you end with ~all (or -all if you are strict).
Here is an example:
v=spf1 include:_spf.google.com include:_spf.waalaxy.com ~all
This line means: “I authorize Google and Waalaxy to send emails for my domain. Others = soft fail.”
Step 4: Test your SPF
Don’t rely on intuition; a quick test is better than a big mistake.
Here are some free tools to check that everything is in place:
- MXToolbox SPF Checker.
- EasyDMARC SPF checker.
- Google Admin Toolbox.
Step 5: Keep your SPF up to date
If you have added a new sending service or replaced a platform, always remember to update your SPF record. 🖥️
Also, avoid creating multiple SPF records; there can only be one per domain. 🌚
Here are some examples of well-commented SPF lines. ⤵️
v=spf1
include:_spf.google.com → Gmail / Google Workspace
include:mailgun.org → Outil transactionnel
include:_spf.waalaxy.com → Outil de prospection multicanale
~all → Tous les autres = soft fail
What tools can you use to check and test your SPF?
Here are some tools for checking your SPF email, just for you. 👇🏼
| Tool | What it does |
|---|---|
| MXToolbox | Checks if your SPF record is valid, detects syntax or logic errors, and indicates if it is too long (limit of 10 lookups). Simple and fast. |
| EasyDMARC SPF Checker | Clear analysis with visuals, details of domains included, number of DNS queries used, alerts on common errors. Ideal for a quick audit. |
| Google Admin Toolbox | Provides a complete diagnosis of a domain (SPF, DKIM, DMARC, blacklists), with Google-friendly advice. Useful if you send from Gmail or Workspace. |
| dmarcian SPF Survey | Shows in diagram form all include: used and how they stack up. Perfect for seeing if you are at risk of exceeding 10 lookups. |
| Mail-Tester | Allows you to send a test email to a generated address, then analyzes the message received: SPF, DKIM, DMARC, spammy content, IP reputation… A must for testing before sending a campaign. |
A little tip, just for you: check with at least two tools to cross-reference the information and detect more serious problems. 👀
How can you check if your domain is protected by SPF, DKIM, and DMARC?
Setting up SPF email is good, but if you want your emails to be truly credible in the eyes of receiving servers, you need the winning trio: SPF + DKIM + DMARC.
Spoiler alert: these three complement each other, but they are not interchangeable! 👀
A quick reminder of what each one does. ⤵️
| Protocol | What is it used for? | What does it look like? |
|---|---|---|
| SPF | Indicates the servers authorized to send emails for your domain | v=spf1 include:_spf.google.com ~all |
| DKIM | Adds an encrypted signature to the email content (verifies its integrity) | v=DKIM1; k=rsa; p=... in the DNS |
| DMARC | Gives instructions to servers: what to do if SPF or DKIM fails? | _dmarc.votredomaine.com + policy |
📌 Basically:
- SPF looks at the sending server.
- DKIM looks at the email content.
- DMARC looks at the results of both and applies a rule.
How can you tell if all three are properly configured on your domain?
Well, there are two simple methods for doing this!
1️⃣ Method 1: send a test email and analyze the report
This is the most accessible method, especially if you are not familiar with DNS:
- Go to mail-tester.com.
- Copy the temporary address generated.
- Send a test email from your domain to this address.
- Analyze the report you receive (score out of 10 + technical details).
The report will tell you:
- Whether SPF is present and correctly applied.
- Whether DKIM is active and valid.
- Whether DMARC is configured and which policy you have chosen.
2️⃣ Method 2: check in the DNS (manually or using a tool)
If you have access to your DNS host (OVH, Google Domains, Gandi, etc.), you can search directly for records in your DNS zone. 🤔
Here is what you should find there:
- 🔹 SPF record:
- Type: TXT.
- Name: your domain name (e.g., waalaxy.com).
- Content: begins with
v=spf1. - Ex: Ex:
v=spf1 include:_spf.google.com include:_spf.waalaxy.com ~all
- 🔹
DKIM record:
- Type: TXT.
- Name: a subdomain of type
selector1._domainkey.votredomaine.com. - Content: starts with
v=DKIM1; k=rsa; p=...
DKIM is generated automatically by certain tools such as Google, Mailjet, etc. You must activate it and copy the record provided.
- 🔹 DMARC record:
- Type: TXT.
- Name: _dmarc.yourdomain.com.
- Content: starts with v=DMARC1; p=… (with p=none, quarantine, or reject)
If you can’t find any DKIM or DMARC records, don’t panic, but it’s time to configure them. SPF alone is no longer enough today.
Why is this trio non-negotiable?
| Protocol | Its role in authentication | What happens without it | What you gain with it |
|---|---|---|---|
| SPF | Declares which servers are authorized to send emails for your domain | Your emails may be considered spam or blocked outright | You inspire confidence in spam filters |
| DKIM | Adds an encrypted signature to the email content to prove that it has not been modified | The content of your emails may be considered suspicious or falsified | You reinforce the integrity and legitimacy of your messages |
| DMARC | Oversees SPF + DKIM and tells servers what to do if one fails | No policy is enforced → your emails can be hijacked without your knowledge | You control the protection of your domain + receive incident reports |
SPF + Waalaxy: The deliverability + prospecting combo
If you don’t know what I’m talking about, Waalaxy is an all-in-one multichannel prospecting tool designed to help you automatically generate leads via LinkedIn and email, without losing personalization or efficiency.
Basically, you create your sequences (LinkedIn + email) ⭢ Waalaxy sends them for you ⭢ you get qualified responses in your inbox.
But for this to really work, your emails need to reach their destination. And that’s where SPF comes in.
Why? 🤔
Well, you’ve worked on your targeting, your message is relevant, and your sequence is ready to go.
But if your emails end up in spam, all that work is wasted…
That’s why you need to know how to configure it properly! ⚙️
How do you configure SPF for Waalaxy?
If you use your own domain (which we 100% recommend), you need to add Waalaxy to your SPF record.
Example:
v=spf1 include:_spf.google.com include:_spf.waalaxy.com ~all
- include:_spf.google.com = for sending via Gmail/Workspace
- include:_spf.waalaxy.com = to authorize Waalaxy mailings
- ~all = anything not listed = rejection “ soft”
One oversight here, and your Waalaxy emails may be rejected or marked as spam… even if they are perfect.
And if you’re still not convinced, then read this. ⤵️
| Without a properly configured SPF | With SPF + Waalaxy properly configured |
|---|---|
| Emails blocked or classified as spam | Emails delivered to inbox 📬 |
| Campaigns that don’t catch on “ ” | 📈 Boosted open rates + response rates |
| Domain perceived as risky | Domain considered reliable |
| Lack of results despite good targeting | Qualified leads who respond ✔️ |
And if you ever feel lost, here’s what we do at Waalaxy to help you:
- We provide you with the correct SPF line.
- We guide you on DKIM + DMARC if needed.
- We optimize our sending servers to offer you the best possible deliverability.
- And if you have any problems, our support team will give you a hand (quickly and personally).
Let’s recap.
As we’ve seen, SPF mail is a small DNS record that authorizes certain servers to send emails on your behalf.
If it is misconfigured or missing, your campaigns may go straight to spam, ruin your reputation, and cause your results to plummet. 📉
But SPF isn’t everything. It works in tandem with DKIM, which verifies that the content of the email has not been modified, and DMARC, which coordinates everything by applying a clear policy and sending you reports. 📑
When these three protocols are properly configured, you’re putting all the odds in your favor to improve your deliverability, reassure spam filters, and maximize your prospecting performance. 💭
And if you use Waalaxy to send your multi-channel sequences, don’t forget to add include:_spf.waalaxy.com to your SPF. 👀
Otherwise, your messages may be blocked, even if they are perfectly written.
All you have to do now is what others don’t dare to do: send emails that arrive, engage, and sell. The rest? It’s just noise. 😏
Frequently asked questions
Don’t leave so quickly, we still have a few questions for you! ⤵️
Is SPF enough to guarantee deliverability?
Unfortunately not, SPF alone is not enough.
It’s an excellent start, but it only covers part of the job, namely verifying that the sending server is authorized, and that’s it.
It doesn’t protect the content of the email (that’s DKIM’s job), nor does it allow you to set a policy or receive reports (that’s DMARC).
Today, receiving servers such as Gmail and Outlook expect all three to be configured in order to grant their full trust.
So no, SPF doesn’t do everything, but without it, you’re already starting off at a disadvantage. 🥵
What are the risks if I don’t configure SPF for my sending domain?
It’s simple: you lose control over your sender identity. 📨
Without SPF, any server can attempt to send emails pretending to be you, which results in:
- Your emails are often classified as spam or even rejected outright.
- Your domain reputation takes a hit (and it takes a long time to repair).
- Your prospecting campaigns become invisible (even if they are well designed).
In short, no SPF ⭢ no deliverability ⭢ no leads.
Do I need SPF if I have DKIM?
Absolutely, DKIM and SPF are complementary, not interchangeable:
- SPF verifies the sender’s IP address.
- DKIM verifies the entire content.
For example, an email can pass DKIM but fail SPF, or vice versa. 💭
You need both to stack the odds in your favor. One does not replace the other; they work in tandem.
I think you now know everything there is to know about SPF email. See you soon! 🐉
Sasha
05/02/2026 
