Prevent Spoofing and Spam with SPF
From: https://support.google.com/a/answer/33786?hl=en&ref_topic=10685331&sjid=16475661690433716483-NC
Help prevent spoofing and spam with SPF
Protect against spoofing & phishing, and help prevent messages from being
marked as spam
SPF is a standard email authentication method. SPF helps protect your domain
against spoofing, and helps prevent your outgoing messages from being marked as
spam by receiving servers. SPF specifies the mail servers that are allowed to
send email for your domain. Receiving mail servers use SPF to verify that
incoming messages that appear to come from your domain were sent by servers
authorized by you.
Without SPF, messages sent from your organization or domain are more likely to
be marked as spam by receiving mail servers.
Email authentication requirements for sending to Gmail accounts
Google performs random checks on messages sent to personal Gmail accounts to
verify messages are authenticated. To help ensure messages you send to Gmail
accounts are delivered as expected, you should set up either SPF or DKIM for
your domain. Messages without at least one of these authentication methods are
rejected with a 5.7.26 error, or are marked as spam. We recommend you always set
up SPF and DKIM to protect your organization’s email, and to support future
authentication requirements.
If you use an email service provider, verify that they authenticate your
organization's email with SPF or DKIM.
If you regularly forward email, be sure to follow Best practices for
forwarding email to Gmail to help ensure your messages are delivered as
expected.
Get started
Go to the steps for setting up SPF.
Tip:
If you send email with Google Workspace only, get your SPF record in Define your
SPF record—Basic setup.
Email authentication for Gmail
In addition to SPF, we recommend that you set up DKIM and DMARC. These
authentication methods provide more security for your domain, and help ensure
messages from your domain are delivered as expected. For more information on
DKIM and DMARC, go to Help prevent spoofing, phishing, and spam.
Video: Why set up email authentication?
Video: What are SPF and DKIM
How SPF protects against spoofing and spam
Helps prevent spoofing
Spammers can forge your domain or organization to send fake messages that appear to come from your organization. This is called spoofing. Spoofed messages can be used for malicious purposes. For example, spoofed messages can spread false information, send harmful software, or trick people into giving out sensitive information. SPF lets receiving servers verify that mail that appears to come from your domain is authentic, and not forged or spoofed.
To further protect against spoofing and other malicious email activity, we recommend you also set up DKIM and DMARC.
Helps deliver messages to recipients' inboxes
SPF helps prevent messages from your domain from being delivered to spam. If your domain doesn’t use SPF, receiving mail servers can’t verify that messages that appear to be from your domain actually are from you.
Without SPF, receiving servers might send your valid messages to recipients' spam folders, or might reject valid messages.
What you need to do
Before you set up SPF
- Get the sign-in information for your domain provider
- Understand IP addresses
- Understand DNS TXT records
- (Optional) Check for an existing SPF record
- Identify all your email senders
For details, go to Before you set up SPF.
Define your SPF record—Basic
Tip:
This article is for people who don't have experience setting up SPF or email
servers.
- SPF record you can copy, for sending email with Google Workspace only
- SPF record examples, for sending email with Google Workspace and your other
email senders
For details, go to Define your SPF record—Basic setup.
Define your SPF record—Advanced
Tip:
This article is for IT professionals and people who have experience setting up
email servers.
- SPF record format and requirements
- SPF record mechanisms
- SPF record qualifiers
For details, go to Define your SPF record—Advanced setup.
Add your SPF record at your domain provider
- Add your SPF record to your domain
- Add an SPF record for a subdomain
- Update your SPF record for new senders
For details, go to Add your SPF record at your domain provider.
Troubleshoot SPF issues
- Verify your SPF record
- Verify messages pass SPF authentication
- Make sure your SPF record includes all email senders
- Review your email sending practices
- Advanced troubleshooting
For details, go to Troubleshoot SPF issues.
Related topics
- Help prevent spoofing, phishing, and spam
- RFC 7208 - Sender Policy Framework (SPF) for Authorizing Use of Domains in
Email