Activating the SPF Check

Activate the SPF check.

For your domains, valid SPF records are set in the DNS zone.


SPF checks are only performed for domains with valid SPF records. To find out how to set an SPF record in the DNS zone, see Setting an SPF Record.

Activate the SPF check to check whether the outgoing server of an incoming email matches the SPF records of the sender’s domain and is authorized to send emails from the domain.

  1. Log in to the Control Panel with your administrative credentials.
  2. Select your domain from the scope selection.
  3. Navigate to Security Settings > Email Authentication.
  4. Activate the checkbox Activate SPF check under Sender Authentication.
    Figure 1: Activate SPF check

    A warning message appears.

  5. Click on Confirm.
    Figure 2: Confirm

    The SPF check is activated for all domains that are under the selected domain and for which correct SPF records have been set.

  6. Select in which situations an SPF check shall be performed.
    • To check all incoming emails that have an SPF record set for their sender’s domain, select For all incoming emails.


      This option is recommended if there is generally a high volume of address forgery from different sender domains. If you use this variant, the false positive rate may increase if several communication partners have not configured their SPF records correctly.

    • To only check incoming emails sent from the recipient’s domain, select Only for emails within one of your own domains.


      Only internal emails are checked. This option is recommended to prevent targeted attacks under fake email addresses from your own domain.

    Figure 3: Select emails for SPF check

You have activated the SPF check.

Configure the advanced options for the SPF check (see Configuring Advanced Options for SPF Check).