Every legitimate sender authorised. Every spoofed sender blocked.
62% of UK businesses have incorrectly configured SPF records. Missing senders cause deliverability failures. Too many DNS lookups cause silent authentication errors. IP Four audits, rebuilds, and maintains your SPF record so it works correctly for every sending source.
SPF configuration that actually works.
A correct SPF record covers every legitimate sender, stays within DNS lookup limits, and uses the right enforcement qualifier. Most organisations have at least one of these wrong.
Sending Source Discovery
Full audit of every service sending email on behalf of your domain. Mail servers, CRMs, marketing automation platforms, helpdesks, accounting software, and any other third-party senders are identified and documented.
SPF Record Construction
SPF record built to include every legitimate sending source with the correct mechanism type. IP addresses, include statements, and redirect modifiers configured precisely to authorise all valid senders without over-permitting.
SPF Flattening and Optimisation
SPF records with too many DNS lookups fail silently. We flatten complex SPF records to stay within the 10 DNS lookup limit while maintaining full coverage of all authorised senders. Prevents authentication failures caused by lookup limits.
Third-Party Service Integration
Marketing platforms, CRMs, helpdesks, and cloud services each have their own SPF requirements. We configure your record to include all third-party sending infrastructure correctly, including services that change their IP ranges regularly.
Enforcement Qualifier Configuration
SPF enforcement qualifier set correctly for your policy. Hard fail (-all) configured once all legitimate sources are confirmed. Soft fail (~all) used during transition phases. Neutral and pass qualifiers applied where appropriate.
Ongoing SPF Maintenance
SPF records updated whenever new sending services are added or existing services change their infrastructure. Quarterly reviews check for IP range changes by third-party providers that could cause authentication failures.
From audit to correctly configured record.
Current SPF Record Review
Existing SPF record analysed for accuracy, completeness, and DNS lookup count. Common issues identified including missing senders, over-permissive wildcards, and lookup limit violations.
Sending Source Inventory
Every service sending email on behalf of your domain identified. DMARC aggregate reports, email headers, and direct consultation with your team used to build a complete inventory of authorised senders.
Record Design and Flattening
New SPF record designed to include all legitimate senders within the 10 DNS lookup limit. Flattening applied where necessary to consolidate include statements without losing coverage.
Staged Deployment
Updated SPF record deployed with a short TTL initially to allow rapid correction if any issues are identified. Email flow monitored during transition to confirm no legitimate email is affected.
Authentication Validation
SPF pass rates validated using DMARC aggregate reports and direct email header analysis. Any sources still failing authentication identified and resolved before TTL is increased.
Documentation and Handover
Complete documentation of all authorised senders, SPF record values, and maintenance procedures. Handover includes instructions for adding new senders and monitoring for authentication failures.
How we have fixed SPF for UK businesses.
Marketing Platform Causing SPF Failures
A Bristol e-commerce business added a new email marketing platform but did not update their SPF record. Marketing emails were failing SPF checks and being delivered to spam folders across major providers.
SPF record updated to include the marketing platform. All sending sources audited and record rebuilt with correct flattening. Marketing email deliverability restored within 24 hours of deployment.
SPF Lookup Limit Causing Silent Failures
A London professional services firm had accumulated 14 DNS lookups in their SPF record over several years of adding new services. Authentication was failing silently for a significant proportion of outbound email.
SPF record flattened to 7 DNS lookups while maintaining full coverage of all 11 sending services. Authentication failure rate dropped to zero. Deliverability improved measurably within 2 weeks.
New Business Requiring Full SPF Setup
A Newcastle logistics company launching a new brand needed complete email authentication configured from scratch. They used Microsoft 365, a CRM, a helpdesk platform, and a transactional email service.
Full SPF record configured covering all 4 sending sources within the lookup limit. DKIM and DMARC configured simultaneously. Brand launched with full email authentication in place from day one.
Find out if your SPF record is working correctly.
Our free SPF audit checks your current record for missing senders, lookup limit violations, and incorrect enforcement qualifiers. Takes minutes and costs nothing.