SPF

SPF is a DNS-published mail posture signal that can describe which systems are authorised to send mail for a domain.

Mail posturePublic evidenceObserved over time

Observed evidence

Observed by .auDO

These fields describe the public evidence .auDO records for this signal where available.

spf_presentdns_raw.spf_presenttxt_records

Interpretation

How to read this signal

This signal is useful as public evidence of visible posture or change, not as a conclusion on its own.

Why it matters

SPF presence can help contextualise mail posture and provider movement when interpreted with MX records, DMARC and TXT evidence.

What change may indicate

An SPF change may reflect mail provider migration, sender inventory cleanup, policy tuning, new third-party sending services or accidental removal.

Limits

What it cannot tell us

SPF presence does not prove all legitimate mail is protected or that a domain is safe from impersonation. SPF absence or weakness does not prove negligence, compromise, intent or risk.

Observations are descriptive records, not risk scores, allegations or evidence of compromise.

Observed patterns

Common observations

SPF presence change

Report surface

Where it appears

This signal can appear in daily reports, the observation panel, methodology notes, derived report artefacts and preserved raw snapshot evidence when the relevant fields are present.

Nearby signals

DMARC MX records Email provider TXT records

Use alongside

Explore this signal in context

This signal is most useful when read alongside related State views, explainers, reports and methodology notes.

Why DMARC matters DMARC state Email provider state Reports Methodology