The short and direct answer is that Sender Policy Framework (SPF) uses a TXT (Text) record. When you're in your DNS provider's dashboard to set up SPF, you will always create a TXT record to hold your SPF policy.
A TXT record is a versatile type of DNS record that can hold arbitrary text-based information. This flexibility is why it's used for several different purposes beyond email authentication, including domain ownership verification. As WhatIsMyIP.com® points out, they are commonly used for both SPF and verifying your domain with services like Google Search Console.
The history of the dedicated SPF record type
This question can be confusing because there was once a dedicated DNS record type for SPF. It was known as the SPF record, or Type 99. However, this record type has been deprecated for many years and should not be used. If you create a Type 99 SPF record, many modern mail servers will simply ignore it, which can cause your emails to fail authentication.
The original specification for SPF (RFC 4408) proposed both the TXT and the dedicated SPF record types. The idea was to have a transition period. Unfortunately, the dedicated SPF record type never gained widespread adoption. DNS servers and providers were slow to support it, while support for TXT records was already universal. As a result, the community decided to stick with TXT records, and the dedicated SPF type was officially deprecated in a later specification (RFC 7208).
Why the TXT record won
The decision to standardize on the TXT record for SPF came down to practicality and widespread support. Sticking with TXT records offered several advantages:
- Universal Support. Every DNS provider and server in the world already supported TXT records. This meant no new development or updates were required to implement SPF, significantly lowering the barrier to adoption.
- Flexibility. TXT records are designed as a catch-all for various forms of text data. This makes them perfect for protocols like SPF, DKIM, DMARC, and others that need to store information in the DNS.
- Simplicity. For domain administrators, it's easier to manage a single record type (TXT) for multiple verification and policy frameworks rather than needing to learn and manage several different, specialized record types.
What does an SPF record look like?
Even though it lives inside a TXT record, the content itself has a specific format that receiving mail servers look for. It always begins with v=spf1, which identifies it as an SPF version 1 record. Here's a simple example of what you might see for a domain that sends email through Google Workspace:
v=spf1 include:_spf.google.com ~all
In this example, the record states that any servers included in Google's own SPF record (include:_spf.google.com) are authorized to send email for this domain. The ~all part tells receiving servers to treat mail from any other sources as a "SoftFail," meaning it's suspicious but not necessarily rejected outright.
So, to be crystal clear: for modern email deliverability, your SPF policy must be published in a TXT record. Always choose the TXT option in your DNS settings, and disregard any legacy or deprecated SPF record types you might come across.
