SPF allows one to specify which SMTP servers can send emails on behalf of a domain. The SPF record is defined as a DNS TXT record and specifies the list of allowed senders for the domain.
"v=spf1 a ip4:220.127.116.11 include:_spf.mx.cloudflare.net include:_spf.google.com ~all"
v=spf1specifies that this TXT record is indeed an SPF record.
ainclude the IP addresses of the domain, as returned by the
AAAArecords. This is required to let your own server send emails.
ip4:18.104.22.168allows a specific server by IP address to send emails. You can also use netmasks (ie
/20) to allow ranges.
include:_spf.mx.cloudflare.netallows Cloudflare Email Routing to forward emails for your domain.
include:_spf.google.comallow sending emails via Google Workspace/Gmail.
~allThis marks every other server not listed so far as insecure/spam, but the email will be accepted. This can be replaced by
-allwhich would tell the recipient to reject emails from unauthorized servers.