The Sender Policy Framework Record, also known as SPF, is one of the three fundamental TXT Email Authentication Records that increase the probability of email deliverability and minimize the possibility of email forgery. It does so by holding publicly accessible information regarding a list of authorized sending hosts and IP addresses permitted to process emails from a said mail server. As such, ensuring the SPF is setup and verified for functionality is vital for email deliverability.
How to Check if the SPF Record is accessible:
Once the SPF record has been applied, you can make use of DiG to pull up the TXT records for a particular domain. The DiG command can be used over the command line, and the command would look something like this:
$ dig +short TXT google.com
"v=spf1 include:_spf.google.com ~all"
The SPF record string typically begins with "v=spf" indicating that this TXT record is an SPF.
If you do not have access to a command line, you can use an online DNS tool to query the domain's TXT records such as DNSMap (https://dnsmap.io/) or IntoDNS (https://intodns.com/). Here's a quick screenshot of the SPF displayed on DNSMap:
Verifying if the SPF record is working:
The quickest way to test if major mail providers are accepting your new SPF record is by sending a test email and reviewing the email headers.
The mail provider used for this test is Gmail. You can find instructions on viewing email headers for a Gmail account here:
Once obtaining a copy of the email headers for the test email, you can find the "Authentication-Results" by scrolling down through the headers. This section will house the results of the SPF Record currently in use by the domain. You'll want this value to be a "pass" and not "fail":
Should the value return "fail", then you may want to revisit the record and adjust the value once more. cPanel's Email Deliverability interface offers a recommended SPF record if you're unsure of how to compose this record. See the following documentation for more information: