         | Did this page help you? Yes No Tell us about it... |
Authenticating Email with SPF
Sender Policy Framework (SPF) provides a means for tracing an email message back to the system from which it was sent.
To be SPF-compliant, an email sender publishes one or more DNS records that establish the sending domain's identity. These DNS records are usually specified as TXT (text); they identify a set of hosts that are authorized to send email. After these DNS records are created and published, ISPs can authenticate a host by comparing its IP address with the set of IP addresses specified in the SPF record.
For more information about SPF, go to http://www.openspf.net and RFC 4408.
Domains with Preexisting SPF Records
If your "From" domain already has an SPF record, then you will need to add the following mechanism to it:
include:amazonses.com
![[Important]](http://docs.amazonwebservices.com/docs-common/images/important.png) | Important |
|---|---|
If you have an existing SPF record, then you must add this mechanism—otherwise, ISPs that examine "From:" headers might reject email that you send using Amazon SES. |
Adding a New SPF Record
If your "From" domain does not have an SPF record, we recommend that you add one to ensure that ISPs do not reject your email. The following is an example TXT record that you can publish to enable SPF:
v=spf1 include:amazonses.com ?all
