Authenticating Email with SPF in Amazon SES - Amazon Simple Email Service

Authenticating Email with SPF in Amazon SES

Sender Policy Framework (SPF) is an email validation standard that's designed to prevent email spoofing. Domain owners use SPF to tell email providers which servers are allowed to send email from their domains. SPF is defined in RFC 7208.

To set up SPF, you publish a TXT record to the DNS configuration for your domain. This record contains a list of the servers that you authorize to send email from your domain. When an email provider receives a message from your domain, it checks the DNS records for your domain to make sure that the email was sent from an authorized server.

When you send email through Amazon SES, the messages that you send pass an SPF check by default. Amazon SES specifies a MAIL FROM domain for each message that is a subdomain of, and the sending mail server for the message aligns with this domain.

You can optionally publish your own SPF record. By publishing an SPF record, your email can comply with Domain-based Message Authentication, Reporting and Conformance (DMARC). For more information, see Complying with DMARC.

Adding an SPF Record

To publish an SPF record, you have to add a new TXT record to the DNS configuration for your domain. The procedures for updating DNS records vary depending on which DNS or web hosting provider you use.

The following table includes links to the documentation for several common providers. This list isn't exhaustive, and inclusion in this list isn't an endorsement or recommendation of any company's products or services. If your provider isn't listed in the table, you can probably still publish an SPF record.

DNS/Hosting provider Documentation link
Amazon RouteĀ 53

Creating Records by Using the Amazon RouteĀ 53 Console and Common values


Add an SPF record (external link)


How do I add an SPF record? (external link)


Managing DNS records in Cloudflare (external link)


SPF Records (external link)


How do I add TXT/SPF/DKIM/DMARC records for my domain? (external link)

Changing your domains DNS Settings (external link)


Adding or Updating SPF Records in Your Wix Account (external link)

If your domain doesn't have an existing SPF record, publish a TXT record with the following value. The name of the record can be blank or @, depending on your DNS service.

"v=spf1 ~all"

SPF records can contain multiple include statements. If your domain already has an SPF record, you can add an include statement for Amazon SES by using the following format:

"v=spf1 ~all"