What is this
SPF (Sender Policy Framework) is a DNS TXT record listing which mail servers may send on behalf of your domain. Receiving servers compare the sending IP to your SPF record. If the IP is not listed, the mail can be flagged as spoofing.
Why it matters
Without SPF, anyone can send mail pretending to be your domain. That hurts deliverability and exposes your brand to phishing.
How to fix it
TransIP: Open Domains > your domain > DNS. Add a TXT record with name @ and value v=spf1 include:_spf.transip.email -all. Using an external mail provider? Replace the include with theirs.
CloudFlare: Go to DNS > Records. Add TXT with name @ and content v=spf1 include:_spf.<provider>.com -all. TTL Auto.
Strato or Antagonist: Open DNS management in the customer panel. Add a TXT record on the root (@ or empty) with v=spf1 include:<provider-spf-host> -all. Antagonist ships _spf.antagonist.nl ready to use.
Other: At your DNS host, add a TXT record on the apex with v=spf1 followed by all include: clauses for your senders, ending in -all (hard fail) or ~all (soft fail).
Verify
Run dig TXT yourdomain.com +short or use MXToolbox SPF lookup. Send a test mail to a Gmail address and inspect the Authentication-Results header: you should see spf=pass.