Brand Protection Dmarc as a Service

Demystifying SPF Macros

Sender Policy Framework, more commonly known as SPF, is an email authentication standard that allows a domain owner to authorize the use of its domain in email messages, with such authorization tied to the physical source of the message

Demystifying SPF Macros. Sender Policy Framework, more commonly known as SPF, is an email authentication standard that allows a domain owner to authorize the use of its domain in email messages, with such authorization tied to the physical source of the message. This authorization is done by publishing a record in the DNS (Domain Name System). The record must follow a specific format, and most SPF records use various tags, called mechanisms, that explicitly list things such as IP addresses, networks and hostnames.

The SPF standard also defines certain character sequences, referred to as macros, that are meant to be replaced by metadata from the individual message that requires SPF validation. Most SPF records are fairly straightforward, and the mechanisms mentioned above are enough for many domain owners to craft a record that properly authorizes use of their domain. However, there are cases where the record is complicated, perhaps due to its sheer size, or other factors that just can’t be addressed by those mechanisms. In those situations, these macros provide incredible power and flexibility in crafting SPF records, something that Valimail takes advantage of with our patented Instant SPF® technology. 

It is true to say that macros are not widely used, at least relative to mechanisms, and because of this macros are also not widely understood. The purpose of this post is to remove any fear, uncertainty, or doubt that you, our customer, might have about SPF macros.

Before We Talk About Macros, A Little Bit About SMTP

Simple Mail Transfer Protocol (SMTP) is the standard that describes the language used by two computer hosts that want to exchange an email message over the internet. SMTP declares the sending host in the SMTP transaction as the “client”, and the receiving host as the “server”. As the name states, the protocol is simple, with only a handful of commands defined. A typical SMTP transaction looks like this:

  • Client attempts to connect to server
  • Server accepts the connection
  • Client issues a greeting (literally “EHLO” or in some cases “HELO”) announcing its name
  • Server issues a greeting in response
  • Client describes the sender of the message using the command “MAIL FROM”
  • Server accepts the sender
  • Client describes one or more intended recipients of the message using the command “RCPT TO”
  • Server accepts or rejects each recipient
  • Client passes the full body of the message using the command “DATA”
  • Transaction ends with the message accepted or rejected by server.

SPF is designed to validate a domain’s usage early in the SMTP transaction.

How Macros Work

Let’s look at a typical SPF record for a Valimail customer:

"v=spf1 include:%{i}._ip.%{h}._ehlo.%{d} -all"

The record makes use of two SPF include directives, which are instructions to go look up the named record and include that lookup’s result in the expansion of this SPF record. The macros are in the second include directive:


There are three macros here, each represented by the four character sequence of percent sign, left curly brace, macro letter, right curly brace, and obviously the macro letter itself is the most meaningful character in that sequence. For Valimail’s SPF record, the three macros and their meanings are:

%{i} - The IP address of the client for the message
%{h} - The EHLO/HELO domain of the client for the message
%{d} - The sender domain from the “MAIL FROM” command

So, taking what we know about an SMTP transaction, imagine a client sending from IP address “” issued the following two commands as part of attempting to send the message:


The server receiving this message and attempting to validate the SPF record would attempt to lookup the following DNS record:

If the customer has properly configured their account with Valimail’s Authenticate product, the query would yield a positive response indicating that the domain “” is authorized for mail sent from IP address “”.

So Why Are Macros Poorly Understood, or Even Feared?

There are several sites on the internet that will perform some form of SPF record validation. They typically work on the model of inputting a domain and maybe an IP address, clicking a button, and getting some report on whether the record is valid or not and perhaps whether or not mail sent using that domain from that IP address will pass. The reason macros don’t inspire confidence among first-time users is because they can’t really be tested using these sites.

SPF records like ours are designed for complex sending environments, usually for customers who are using one or more third party services to send mail. As such, our customers may not know the IP address(es) of the hosts sending their mail, nor their EHLO hostnames, and frankly they don’t have to know this information. However, even if our customers did have that information, it would be useless for testing their SPF record at any of the sites in question because they don’t support inputting at least some of that information.

The fact is that the only way to really test the validity of SPF records like ours is to configure the SPF record for your domain, send mail, and inspect the headers once it’s received. That’s an uncomfortable step for many potential customers, but we’re confident that you’ll see an SPF pass verdict in those headers, just like in the tens if not hundreds of millions of messages that our existing customers send each day. 

It’s not just our customers who benefit from SPF macros, though. We know of other large senders who make use of macros as well to support their customers, to the tune of hundreds of millions or more messages with SPF pass verdicts each day. We can’t name them here, but ask your salesperson to point them out, and they’ll gladly show you the evidence in live DNS records.

The bottom line is that macros have been part of the SPF standard since its publication in 2006. They allow for easy expression of complex SPF records, and they’re used to support billions of messages per day. They are a powerful tool for any sender who needs them, and if configured correctly, they just work.