SPF checking (sender validation) can be set up from the MPmail control panel. When SPF checking is enabled, incoming emails will be checked to see if they have been send from a valid source as published in the SPF record for the domain.


You will require

  • Access to the customer domain internet DNS.
  • Admin access to the MPmail control panel.


You will need access to the internet DNS of the domain and any alias domains that are registered in the MPmail control panel to set a TXT record for SPF lookups.

This SPF record must include any servers/systems that you send mail from and also authorize our mail relays to send on behalf of your domain. In order to accomplish this, you must have the following Include statement in your SPF record.

You will then need to wait for the record to be detected by the MPmail control panel. The MPmail control panel has a cached DNS system, this is updated once a day. You will not be able to enable SPF checking until the SPF record has been read and validated.

To confirm it has been validated, in the MPmail control panel, select the domain that you wish to enable SPF checking, and in the left menu go to

Security Settings - Email Authentication.

If any domains have a tick in the SPF status column, SPF checking can be enabled.

Click Activate SPF check

You can choose to check SPF for all incoming emails, or only to check SPF on emails where the sender email address is one of your own domains.

If you click Advanced SPF settings, you can further customise the way that the control panel will perform it's checks, and how it will process SPF failures.


  1. Based on the order that the control panel processes incoming emails (refer to MPmail / MParchive - Order of Processing), if a failed SPF check has been set to quarantine the email, this will appear on user quarantine reports as a spam email. However, as SPF checking happens before the allow list is processed, adding an email address to the allow list will NOT stop it being blocked by SPF checking.

  2. You can override SPF checking using the DOMAIN allow list. You can add an entry of any type, and request that entry to bypass sender validation checking.