
Your SPF record lets anyone send as your domain

What this means for your business

Your SPF record ends in "+all", which tells the world that ANY server is allowed to send email as your domain. That removes the protection SPF is supposed to give — anyone can impersonate your address and your real mail gets no deliverability benefit.

How to fix it
Easy, 15–30 minutes

  1. Open your DNS settings at your domain registrar or host and find the existing TXT record that starts with "v=spf1".
  2. Look at how it ends. "+all" (or a bare "all") means anyone can send as your domain — that's the problem.
  3. Change the ending to "~all" (soft fail — mail still delivers but is marked suspicious) while you confirm everything legitimate is listed.
  4. Once you're confident every real sender is included, tighten it further to "-all" (hard fail), which tells receivers to reject anything not on your list.
  5. Save and re-scan to confirm. Do NOT add a second SPF record — edit the existing one.

Pro tip: Start with "~all" rather than jumping straight to "-all". If you have a sender you forgot to list, "~all" still lets that mail through (flagged) instead of bouncing it outright, giving you a safety margin while you verify.
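
To check the result of the steps above without waiting for a re-scan, the following added example (not SiteSprout's code) classifies how a record ends and flags a duplicate SPF record. It assumes you have already copied the domain's TXT values out of your DNS panel as plain strings; the function names and the example.com records are made up for illustration.

```python
# Added example: classify how a domain's SPF record ends.
# Input: TXT strings already fetched from DNS (quotes removed, chunks joined).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_records(txt_records):
    """Keep only TXT strings whose first term is the SPF version tag."""
    found = []
    for txt in txt_records:
        terms = txt.split()
        if terms and terms[0].lower() == "v=spf1":
            found.append(terms)
    return found


def all_result(terms):
    """Result of the first 'all' term; a missing qualifier means '+' (pass)."""
    for term in terms[1:]:
        term = term.lower()
        qualifier, mechanism = "+", term
        if term[0] in QUALIFIERS:
            qualifier, mechanism = term[0], term[1:]
        if mechanism == "all":
            return QUALIFIERS[qualifier]
    return None


def audit(txt_records):
    """Return one verdict: open, softfail, hardfail, neutral, no-all,
    multiple-spf-records or no-spf-record."""
    records = spf_records(txt_records)
    if not records:
        return "no-spf-record"
    if len(records) > 1:
        return "multiple-spf-records"  # receivers treat this as an error
    verdicts = {"pass": "open", "softfail": "softfail",
                "fail": "hardfail", "neutral": "neutral", None: "no-all"}
    return verdicts[all_result(records[0])]


if __name__ == "__main__":
    # Constructed sample records, not real DNS data.
    for sample in (["v=spf1 include:_spf.example.com +all"],
                   ["v=spf1 include:_spf.example.com ~all"]):
        print(sample[0], "->", audit(sample))
```

A verdict of "open" is the problem this page describes; "softfail" is the interim state from step 3 and "hardfail" the end state from step 4.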
