Lesson 3: Setting up your SPF record for cold email
We’re adding new chapters to this cold email course as they’re released. Join the waitlist to get notified when a new chapter is available.
In this lesson you’ll learn how SPF (Sender Policy Framework) helps protect your domain and improve cold email deliverability.
I’ll walk you through what SPF is, how it prevents domain spoofing, and why using the “~all” setting is the preferred option for most senders. If you’re building a technical cold email setup, understanding SPF and managing your DNS records is essential to keep your emails landing in inboxes – not spam folders.
Here is the guide on how to set up SPF
In this lesson, you’ll learn:
- How SPF (Sender Policy Framework) works as a DNS-level authentication record that defines exactly which services and IPs are authorised to send email on behalf of your domain – and how Woodpecker’s built-in Domain Check-up tool lets you verify it’s configured correctly
- Why the difference between a soft fail (~all) and a hard fail (-all) matters, and why sticking with soft fail is the safer default for cold email senders whose emails might otherwise be rejected outright
- Why exceeding 10 DNS lookups in your SPF record causes it to fail permanently – and how free tools like EasyDMARC help you audit your record before that becomes a deliverability problem
- That Woodpecker sends via your email provider’s infrastructure rather than its own, meaning you only need to list your mailbox provider (e.g. Google) in your SPF record – not Woodpecker itself
Welcome back to the technical setup series.
In the next lessons we will focus on:
- authentication
- forwarding
- and email account settings
If you used Woodpecker’s Domain and Email account feature this was done for you.
Nevertheless, it’s good to understand how these things work.
Woodpecker has a built-in SPF, DKIM, and domain checker.
It will show you if your settings are correct for each mailbox and updates daily or on demand.
You can find this when you go to your company name in the top right corner, then “Settings”.
Then go to “Account”, pick an email account and click on the cogwheel on the right.
Lastly, go to “Domain Check-up” and you should see this screen:
It shows you if SPF is correct.
If DKIM is set up.
Lastly, it shows you how old your domain is.
Young domains are generally seen as suspicious, we will cover that later.
So, let’s look into authentication and start with SPF.
By the way if you are here to just set it up ASAP you can go to our help article under this lesson.
SPF stands for Sender Policy Framework
It is an authentication method for your domain.
By setting up SPF you define who can send using your domain.
This can be a service or a specific IP.
The reason why this setting is so important is that it can help to spot impersonation.
This means if someone tries to send emails in your name and is not authorized SPF will fail.
Now you will be aware of the problem and can act upon it.
With that being said in the cold email space impersonation is not that common.
Typically, you have a dedicated network of domains just for cold emailing.
Additionally, you scale now by having many domains so the risk is quite low.
Nevertheless, having this setting in place is seen as beneficial by the email service providers.
You show that you care about your domain’s safety and that’s why we set this up.
As mentioned, the SPF record is an authentication method for your domain.
This means you set this up in your DNS panel of your domain.
You do not need to set it up for each mailbox.
Let’s look at a typical SPF record if you use Google email accounts:
The important part here is the “include” part.
You are telling the receiving end that you allow Google to send emails using your domain:
We can display or highlight this part: “include:_spf.google.com”.
Now imagine you use a service like a newsletter software.
They often provide their own infrastructure for sending.
Our example SPF does not have them listed currently.
This means it would fail when you try to send emails via a newsletter service.
In the end, the receiving end will determine what to do with the email if SPF fails.
But there are some options you can set to signal what you wish for.
You can set a so-called soft or hard fail.
In the example above we use a softfail: “~all”.
This means if SPF fails it tells the receiving end that the service sending in your name is probably not allowed to do so.
A hard fail, signified by “-all”, signals that the sending service is definitely not allowed to send.
We can highlight “-all”
Now again, the receiving end will determine how to handle the situation.
However a hard fail will have a lower chance of being delivered.
To keep things short, you want to stick with “~all”.
You can add more control to what happens with your emails using DMARC.
No worries I will cover that later.
Let’s quickly cover a few more important aspects about SPF.
As we covered you define a list of multiple IPs and services to send in your name.
Woodpecker uses your mailbox email service provider infrastructure to send.
It only “pings” your email accounts at the right time for the right prospect.
Thus, you do not need to add Woodpecker to your SPF setting.
Keep in mind though that you need to add the email service provider of the mailbox.
Now, when defining your services and IPs that send in your name there are rules.
Make sure you are never exceeding more than 10 so called “lookups”.
If you do, your SPF will always fail leading to lowered deliverability.
There are countless tools out there that check your SPF.
As I mentioned before, Woodpecker has its own built-in system.
A free external tool I can generally recommend is EASYDMARC.
It will show you the lookup count and exactly who is set to send in your name.
Lastly, if you need step-by-step instructions you can always go to our help.
I am linking a guide just under this lesson.
You will find more examples there and how to set up SPF for common providers such as:
- Microsoft
- Zoho
- and so forth
The next lesson is about the second most important authentication method.
The DKIM.
See you there!