SPF

Sender Policy Framework (SPF) is a DNS-based mechanism that lists which mail servers are authorised to send email for a domain. Receiving servers check the SPF record at the domain's apex against the sending server's IP and decide whether the source is legitimate. A Microsoft 365 SPF record typically looks like v=spf1 include:spf.protection.outlook.com -all, with additional include mechanisms for legitimate third-party senders (marketing platforms, helpdesk systems). The trailing -all (hard fail) instructs receivers to reject unauthorised senders; ~all (soft fail) flags them as suspicious but doesn't reject. Combined with DKIM and DMARC, SPF is the foundation of email anti-spoofing.