Sep 14, 2018

The "redirect" modifier of Email SPF

The "redirect" modifier of Email SPF

The SPF record for domain replace the current record. The macro-expanded domain is also substituted for the current-domain in those look-ups.

In the following example, the client IP is and the current-domain is
  • If has no SPF record, that is an error; the result is unknown.
  • Suppose's SPF record was "v=spf1 a -all".
  • Look up the A record for If it matches, return Pass.
  • If there is no match, the exec fails to match, and the -all value is used.

Real example:
$ dig txt

;; ANSWER SECTION: 7199 IN TXT "v=spf1"

$ dig txt

;; ANSWER SECTION: 299 IN TXT "v=spf1 ~all"