The Sender Policy Framework (SPF) is a validation method for detecting e-mail spoofing, that is, the creation of e-mail messages with a forged sender address. SPF checks whether an e-mail was sent via a server that is authorized to send e-mail for the sender's domain.

As a result of SPF, our simulated phishing emails may sometimes be falsely marked as spam or phishing. To prevent this, we recommend adding SoSafe to your SPF entries. Your SPF entries could look something like this: 

v=spf1 ip4: ipv4: ip6: 2a00:f820:417::6129:4040ipv6-1 ip6: 2a00:f820:417:2:51:92:b48a:f910ipv6-2 -all


Step 1: 

Start with the SPF version that classifies the entry as SPF. An SPF entry should always start with the version number "v=spf1".  


Step 2: 

After inserting the SPF version tag "v=spf1", all IP addresses authorized to send e-mails should follow. For example: v=spf1 ip4: ip6: 2a00:f820:417:2:51:92:b48a:f9101a05:d017:e3:8c00:bb71:dea8:3b83:891c 


Step 3: 

Next, add an include tag for SoSafe domains such as "" or "". This authorizes our mail servers as permitted mail servers for your domain. You can find a list of all required domains in our SoSafe Manager under Simulation > Whitelisting > List of used domains in phishing links.


Step 4: 

Once you have added all IP addresses and inserted the include tags, close your entry with a "-all" tag. The "all" tag is an important part of the SPF entry because it indicates which policy (e.g. reject the e-mail or mark it as spam) should be applied to mail from servers that are not listed.


-all: Fail - Servers not listed in the SPF entry are not allowed to send email (non-compliant emails are rejected). 

~all: Softfail - If the email is received from a server that is not listed, the email is marked as softfail (emails are accepted but marked). 

+all: We strongly recommend not using this option. It allows any server to send e-mail from your domain.


Attention: Your SPF entry must not be longer than 255 characters and must not contain more than 10 include tags, also called "lookups". Nested lookups also count. If an entry has an A and an MX lookup, both count as lookups for your domain.
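The checks from steps 1 to 4 and the limits above can be run against a draft entry before it is published. The following is an added example, not SoSafe code: the function name `lint_spf` and the addresses and include domain in the sample are constructed placeholders, and it goes slightly beyond the text by counting every SPF term that triggers a DNS lookup (include, a, mx, ptr, exists, redirect). It works offline, so nested lookups inside included domains are not counted.

```python
import ipaddress

# SPF terms that each cost one DNS lookup at evaluation time.
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")

# Constructed sample entry (documentation addresses, placeholder domain).
SAMPLE = "v=spf1 ip4:192.0.2.10 ip6:2001:db8::1 include:spf.example.net -all"


def lint_spf(record: str) -> list[str]:
    """Return the problems found in one SPF entry (empty list = OK)."""
    problems = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ['record must start with "v=spf1"']            # step 1
    if len(record) > 255:
        problems.append(f"record is {len(record)} characters (limit 255)")

    lookups = 0
    for term in terms[1:]:
        body = term.lstrip("+-~?").lower()                    # drop qualifier
        name = body.replace("=", ":").split(":", 1)[0].split("/", 1)[0]
        if name in LOOKUP_TERMS:                              # step 3
            lookups += 1
        elif name in ("ip4", "ip6"):                          # step 2
            value = body.partition(":")[2]
            try:
                net = ipaddress.ip_network(value, strict=False)
                if net.version != int(name[2]):
                    problems.append(f"{term}: address family does not match {name}")
            except ValueError:
                # Also catches "ip6: 2001:db8::1" (space after the colon).
                problems.append(f"{term}: not a valid address or network")
    if lookups > 10:
        problems.append(f"{lookups} lookup terms at top level (limit 10)")

    last = terms[-1].lower()                                  # step 4
    if last.lstrip("+-~?") != "all":
        problems.append('record should end with an "all" term')
    elif last in ("all", "+all"):  # a bare "all" defaults to "+"
        problems.append("+all lets any server send mail for the domain")
    return problems


if __name__ == "__main__":
    print(lint_spf(SAMPLE) or "no problems found")
```

An empty result only means the entry passes these static checks; the total lookup count still has to be confirmed against the live DNS records of every included domain.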