Your domain does not have an SPF TXT record published in DNS. Without SPF, receiving servers cannot verify which mail servers are authorized to send email on behalf of your domain.
Add a TXT record to your domain's DNS with your SPF policy.
No TXT record starting with "v=spf1" was found in your domain's DNS. This means there is no declared policy for which servers are allowed to send email as your domain. Receivers will return an SPF result of "none".
Without SPF, anyone can send email claiming to be from your domain and there is no DNS-based mechanism for receivers to detect it. This makes your domain an easy target for spoofing and phishing. SPF is also required for DMARC alignment.
Make a list of every service that sends email using your domain: your email provider (Google Workspace, Microsoft 365), transactional email services (SendGrid, SES), marketing platforms (Mailchimp), and any other senders.
Construct an SPF record that includes all legitimate senders.
v=spf1 include:_spf.google.com include:sendgrid.net -allLog into your DNS management console and create a new TXT record.
Type: TXT
Host: @
Value: v=spf1 include:_spf.google.com include:sendgrid.net -all
TTL: 3600Wait for DNS propagation and verify the record.
dig +short TXT yourdomain.com | grep "v=spf1"
# Expected: "v=spf1 include:_spf.google.com include:sendgrid.net -all"After making changes, use our free scanner to verify the fix is working correctly. DNS changes can take up to 48 hours to propagate, but most propagate within minutes.
For Google Workspace, use: v=spf1 include:_spf.google.com -all. If you also use other email services, add their include mechanisms before the -all.
Yes. If your domain does not send email, publish v=spf1 -all to explicitly declare that no server is authorized to send on its behalf. This prevents spammers from spoofing your domain.
It depends on the TTL of your DNS records and caching by resolvers. Typically, new records propagate within minutes to a few hours. In rare cases, it can take up to 48 hours.