
SPF Record Syntax: Complete Reference
SPF record syntax from v=spf1 through -all: includes, lookup limits, permerror traps, and provider templates. The reference we use before editing any production TXT record.
Fixes, not fluff. DNS security and compliance guides for IT managers who already know the acronyms.

SPF record syntax from v=spf1 through -all: includes, lookup limits, permerror traps, and provider templates. The reference we use before editing any production TXT record.

SOC2 CC6.6 DNS monitoring evidence for Type II: enforced DMARC, MTA-STS, change detection, and tamper-proof logs auditors accept when Excel exports fail.

Twelve ISO 27001 email DNS records mapped to Annex A 2022 controls: SPF, DKIM, DMARC, MTA-STS, TLS-RPT, MX, DNSSEC, CAA, and the records auditors flag first.

Copy-paste SPF templates for Microsoft 365-only mail, M365 plus Mailchimp or HubSpot, and hybrid setups. Cloudflare and GoDaddy publish steps included.

NIS2 Article 21 requires technical measures for network and information systems. Email authentication, DNS security, and continuous monitoring evidence are the controls SMBs get questioned on first. Full 2026 checklist.

SPF PermError stops SPF evaluation entirely, breaking deliverability and DMARC alignment. Fix syntax errors, merge duplicate TXT records, and stay under the 10 DNS lookup limit.

NIS2 Article 21 does not name SPF or DMARC, but DNS and email authentication evidence is what assessors request first. Controls, artifacts, and sample auditor questions for 2026.
Get the latest security alerts and analysis from the ZeroHook team.