Each SPF record begins with a version number; the current SPF version with "v=spf1".
An unlimited number of expressions follow, which are evaluated in the order from front to back. Most of the expressions are so-called directives, which define the authorization of the sender, and consist of an optional qualifier and a so-called mechanism, which results in either a hit or no hit for a given situation (IP address). The first mechanism, which represents a hit, determines the result of the entire evaluation of the SPF record..
|+||Pass||the directive defines authorised transmitters;
this is the standard, i.e. if no qualifier is specified, + is assumed
|-||Fail||the directive defines unauthorised channels|
|~||SoftFail||the directive defines unauthorized transmitters, but the receiver should treat this failure generously;
this qualifier is intended for testing purposes
|?||Neutral||the directive defines channels about whose legitimacy nothing should be said; the channel must be accepted|
|Mech.||Directive applies when -|
|a||an A (or AAAA) record of the queried (or explicitly specified) domain contains the IP address of the sender|
|mx||an MX record of the queried (or explicitly specified) domain contains the IP address of the sender|
|ip4||the specified IPv4 address is the IP address of the sender or the specified IPv4 subnet contains it|
|ip6||the specified IPv6 address is the IP address of the sender or the specified IPv6 subnet contains it|
|redirect||IP address of the sender is legitimized by the SPF record of another domain|
|include||An additional SPF request for the domain specified in the include statement contains the IP address of the sender|
|exists||IP address of the sender based on the connection of the client or other criteria according to (RFC7208 ) was authorized|
An overview of all allowed expressions is given on the subpage SPF Mechanisms of the SPF website
$ host -t TXT gmx.de
gmx.de text "v=spf1 ip4:188.8.131.52/23 -all"
The company GMX therefore specifies that all servers in the network range from 184.108.40.206 to 220.127.116.11 may send e-mails from the domain gmx.de. According to this SPF record, all other servers are not authorized to use this domain in the envelope sender address.