- Understanding SPF Records for Email Deliverability (Hosticko Guide)
Doc Summary
Understanding SPF Records for Email Deliverability (Hosticko Guide) #
SPF records for email deliverability are DNS TXT records that tell receiving mail servers which systems are allowed to send email
on behalf of your domain. When SPF is correct, your emails are more trusted and less likely to land in spam. When SPF is missing or broken, email
providers may flag your messages as suspicious or reject them.
If you want Hosticko to verify your SPF setup (and merge it safely with third-party senders), submit a ticket:
https://client.hosticko.com/submitticket.php
What is an SPF record? #
An SPF (Sender Policy Framework) record is a DNS TXT record that lists the mail servers and services allowed to send email for your domain.
It helps reduce spoofing (fake emails pretending to be from your domain) and improves deliverability.
Why SPF records for email deliverability matter #
- Helps stop spoofing: makes it harder for attackers to send email “from” your domain.
- Reduces spam placement: legitimate emails are more likely to reach the inbox.
- Builds trust: mail providers see your domain as better authenticated.
How SPF works #
When an email is received, the recipient mail server checks the sending server’s IP and compares it against your domain’s SPF record.
If the IP is authorized, SPF can pass. If it is not authorized, SPF can fail (and the recipient may mark the message as spam or reject it,
depending on the receiving policy and your overall authentication setup).
SPF is strongest when combined with DKIM and DMARC. SPF alone helps, but a complete authentication setup helps the most.
Where to add your SPF record (DNS) #
SPF is added in your domain’s DNS as a TXT record.
You must add it wherever your DNS is actually managed (examples: Hosticko DNS, Cloudflare, your domain registrar DNS, etc.).
Important rules before you edit SPF #
- Only ONE SPF record per domain: if you have multiple SPF TXT records, merge them into a single record.
- Keep it readable: add only the services you truly send from.
- Don’t exceed lookup limits: complex SPF records can fail if they trigger too many DNS lookups.
How Hosticko handles SPF (when using Hosticko DNS) #
If your domain is using Hosticko-managed DNS/nameservers, Hosticko can provide a recommended SPF value that authorizes the correct mail servers
for your hosting environment. In standard setups, this means your email sending sources (server hostname/IP, A/MX, etc.) are correctly included.
If you also send mail through third-party services (Google Workspace, Microsoft 365, Mailchimp, SendGrid, CRM systems, etc.),
you must add those senders into the same SPF record (merged), otherwise your SPF may fail.
Common SPF examples (safe templates) #
Below are common, safe SPF templates you can adapt. Replace placeholders with your real values.
If you’re unsure what to include, contact Hosticko support to avoid breaking delivery.
1) Basic SPF for typical hosting email (simple) #
v=spf1 a mx ~all2) Hosting email + dedicated sending IP (more specific) #
v=spf1 a mx ip4:YOUR_SERVER_PUBLIC_IP ~all3) Hosting email + Google Workspace #
v=spf1 a mx ip4:YOUR_SERVER_PUBLIC_IP include:_spf.google.com ~all4) Microsoft 365-only sending (example) #
v=spf1 include:spf.protection.outlook.com ~allAbout -all vs ~all:
-all is “hard fail” and is stricter. ~all is “soft fail” and is often used while testing.
If you switch to -all, confirm every sending source is included first.
How to check or update SPF in cPanel #
On many servers, you can view and manage SPF via cPanel’s Email tools or DNS tools.
If your DNS is not hosted in cPanel (for example, Cloudflare), you must update the SPF record there instead.
Method A: Email Deliverability tool (recommended when available) #
- Log in to cPanel.
- Open Email Deliverability.
- Select your domain and review the SPF (TXT) record.
- Apply the recommended record or customize carefully (only if you know what you’re doing).
Method B: Zone Editor (direct DNS TXT edit) #
- Log in to cPanel.
- Go to Domains → Zone Editor.
- Click Manage next to your domain.
- Find the TXT record that starts with
v=spf1. - Edit it (or add a new TXT record if none exists), then save.
Don’t create multiple SPF TXT records. If you already have one, edit and merge into that single record.
How to test your SPF record #
After updating SPF, wait for DNS propagation (often within a few hours, sometimes up to 24 hours depending on TTL and DNS providers),
then test using trusted tools.
- Check SPF syntax and issues using an SPF checker:
MXToolbox SPF Record Check - Send a test email to Gmail and review the email headers for SPF “pass/fail”:
How to view Gmail headers
Troubleshooting SPF issues #
My emails are still going to spam #
- SPF is only one part: make sure DKIM and DMARC are also set.
- From mismatch: ensure your sending service matches your authenticated domain.
- Bad content: spammy content, risky links, or poor list quality can still trigger filters.
I have multiple SPF records #
You must merge them into one SPF record. Multiple SPF TXT records can cause SPF to fail or behave unpredictably.
SPF fails after adding several services #
Your record might be too complex and triggering too many DNS lookups. Reduce unnecessary includes, and consider consolidating senders.
If you paste your current SPF value and tell us what services you send from, we can help merge it correctly:
https://client.hosticko.com/submitticket.php
FAQs #
Do I need SPF if I only send email from Hosticko? #
Yes—SPF helps prevent spoofing and improves trust. In many setups, Hosticko can provide a recommended SPF record when DNS is properly aligned.
Can I use SPF for multiple providers (Hosticko + Google/Microsoft + marketing tools)? #
Yes, but you must merge all sending sources into one SPF TXT record. Don’t create multiple SPF records.
Should I use -all or ~all? #
Use ~all while testing and migrating. Use -all only when you’re confident every sending source is included.
