Authenticating Email with SPF in Amazon SES

Sender Policy Framework (SPF) is an email validation standard that's designed to prevent email spoofing. Domain owners use SPF to tell email providers which servers are allowed to send email from their domains. SPF is defined in RFC 7208.

To set up SPF, you publish a TXT record to the DNS configuration for your domain. This record contains a list of the servers that you authorize to send email from your domain. When an email provider receives a message from your domain, it checks the DNS records for your domain to make sure that the email was sent from an authorized server.

When you send email through Amazon SES, the messages that you send pass an SPF check by default. Amazon SES specifies a MAIL FROM domain for each message that is a subdomain of amazonses.com, and the sending mail server for the message aligns with this domain.

You can optionally publish your own SPF record. By publishing an SPF record, your email can comply with Domain-based Message Authentication, Reporting and Conformance (DMARC). For more information, see Complying with DMARC.

Adding an SPF Record

To publish an SPF record, you have to add a new TXT record to the DNS configuration for your domain. The procedures for updating DNS records vary depending on which DNS or web hosting provider you use.

The following table includes links to the documentation for several common providers. This list isn't exhaustive, and inclusion in this list isn't an endorsement or recommendation of any company's products or services. If your provider isn't listed in the table, you can probably still publish an SPF record.

DNS/Hosting provider	Documentation link
Amazon Route 53	Creating Records by Using the Amazon Route 53 Console
GoDaddy	Add an SPF record (external link)
DreamHost	How do I add an SPF record? (external link)
Cloudflare	Managing DNS records in Cloudflare (external link)
HostGator	SPF Records (external link)
Namecheap	How do I add TXT/SPF/DKIM/DMARC records for my domain? (external link)
Names.co.uk	Changing your domains DNS Settings (external link)
Wix	Adding or Updating SPF Records in Your Wix Account (external link)

If your domain doesn't have an existing SPF record, publish a TXT record with the following value. The name of the record can be blank or @, depending on your DNS service.


"v=spf1 include:amazonses.com ~all"

SPF records can contain multiple include statements. If your domain already has an SPF record, you can add an include statement for Amazon SES by using the following format:


"v=spf1 include:example.com include:amazonses.com ~all"

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Complying with DMARC

Setting up event notifications