How to interpret SPF authentication verification results

Sender Policy Framework (SPF) authentication verification results should be returned to the sending Mail Transfer Agent (MTA) during the SMTP conversation. When checking for verification results, remember that not all mailbox providers use SPF authentication in their spam filters. Look for SMTP responses from mailbox providers such as Gmail, Yahoo!, AOL, and Microsoft (Outlook.com). The technical details described below can also be found in RFC 4408.

If you need to create or edit your SPF record, contact your email administrator, Email Service Provider (ESP) or domain hosting provider.

Verification results 

The verification results reported from mailbox providers are:

  • None means no SPF record was found for the domain.
    • In order to set up SPF you need to create an SPF record for your Return-Path address with your sending server or IP address information. (The Return-Path address is also known as the MFrom or envelope-sender address.)
  • Neutral means the domain owner stated in the SPF record that they do not want to assert that the IP address is authorized to send from the domain.  
    • A Neutral result is treated the same as a None result. SPF records with this result are typically using the ? qualifier (?all).
    • If you want to assert that only you can send for your IP, then change the qualifier to ~ (~all) or - (-all).
  • Pass means the IP address is authorized to send from the domain.
    • The SPF record, with the correct syntax, was successfully verified by the mailbox provider.
  • Fail means the IP address is not authorized to send from the domain. The SPF record does not contain the sending server or IP address used for sending email to the mailbox provider.
    • Update your SPF record with your sending server or IP address information. 
  • SoftFail means the IP address may or may not be authorized to send from the domain.
    • The mailbox provider will likely mark the message as suspicious but will still accept it. A SoftFail does not necessarily cause deliverability problems by itself because mailbox providers rely on other data points to make a filtering decision.
    • Ensure your SPF record is up to date with your sending server or IP address information. 
  • TempError means a temporary error occurred during the SPF verification process. This result is often due to technical issues that took place during the verification process. TempErrors do not necessarily mean the SPF record is invalid.
    • If you receive this result, you don't necessarily need to take action because the result is temporary. However, if you consistently see this error from multiple mailbox providers, ensure there are no DNS configuration problems with your domain and SPF record.
    • If you only see this error from one mailbox provider, it is likely their technical issue and should be resolved by them shortly.
  • PermError means the published SPF record could not be verified by the mailbox provider.
    • PermErrors are usually caused by a syntax or format error in the SPF record. Ensure your SPF record is set up correctly and doesn't have any extra spaces or unrecognizable characters in the DNS TXT record.
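
The following Python sketch is an added example, not part of the original article. It reads one SPF TXT string and reports the result a sender gets when no mechanism lists it, taken from the qualifier on `all`, or PermError when a term breaks RFC 4408 syntax. The function name and sample records are constructed for illustration, and no DNS lookups are made, so `include` and `redirect` targets are not followed.

```python
import re

# Result returned when a mechanism with this qualifier matches (RFC 4408).
QUALIFIER_RESULT = {"+": "Pass", "?": "Neutral", "~": "SoftFail", "-": "Fail"}
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
# [qualifier] name [:/= argument]; the argument must be printable ASCII.
TERM = re.compile(r"^([+?~-]?)([A-Za-z][A-Za-z0-9_.-]*)([:/=][\x21-\x7e]+)?$")


def default_spf_result(txt):
    """Return (result for a sender no mechanism lists, syntax problems)."""
    # Split on the ASCII space only, so tabs or non-breaking spaces stay
    # inside a term and are reported instead of silently accepted.
    terms = [t for t in txt.split(" ") if t]
    if not terms or terms[0].lower() != "v=spf1":
        return "None", []                 # not an SPF record at all
    problems, default, redirect = [], None, False
    for term in terms[1:]:
        m = TERM.match(term)
        if not m:
            problems.append(f"unparseable term: {term!r}")
            continue
        qualifier, name, arg = m.group(1), m.group(2).lower(), m.group(3) or ""
        if arg.startswith("="):           # modifier, e.g. redirect= or exp=
            if qualifier:
                problems.append(f"qualifier on modifier: {term!r}")
            redirect = redirect or name == "redirect"
        elif name not in MECHANISMS:
            problems.append(f"unknown mechanism: {term!r}")
        elif name == "all" and default is None:
            default = QUALIFIER_RESULT[qualifier or "+"]  # bare "all" is +all
    if problems:
        return "PermError", problems
    if default is None:                   # no "all": RFC 4408 default is Neutral
        default = "redirect target decides" if redirect else "Neutral"
    return default, problems


# Constructed sample records; example.net and 192.0.2.10 are placeholders.
SAMPLES = [
    "v=spf1 ip4:192.0.2.10 include:_spf.example.net ?all",
    "v=spf1 ip4:192.0.2.10 ~all",
    "v=spf1 ip4: 192.0.2.10 -all",       # stray space splits the ip4 term
    "v=spf1 ip4:192.0.2.10 \u2013all",   # pasted en dash instead of "-"
]
if __name__ == "__main__":
    for record in SAMPLES:
        print(default_spf_result(record), "<-", record)
```

A stray space after `ip4:` or a pasted en dash before `all` both surface as PermError here, which matches the extra-space and unrecognizable-character causes listed above.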