Configuring the SPF Email Authentication Method

Learn how to configure the SPF email security

Last Updated

September 30th, 2020

Docebo Module


Reading Time

2 min

User Level


A Sender Policy Framework (SPF) record is a special type of Domain Name Service (DNS) record, which when applied, authorizes the usage of email addresses by a third party.

You can configure the SPF as an email authentication method to allow Docebo to send trusted emails on your behalf, to reduce the possibility of ending up in a recipient’s junk email folder.

Configuration Guideline

You need to set an SPF record to allow an email from to be sent by Docebo’s mail servers. This will allow the recipient server to verify that the original mail server is authorized to send emails from that address. If you do not already have an SPF record in your custom domain, you should create it through your provider as a new TXT record with the following info:

v=spf1 mx ~all

If you already have an SPF record, you should add the following text to it:

This line should be added after the last ‘include’, but before the ‘~all’ clause.

You cannot set two SPF records. Doing so will cause them both to be voided, which may lead the sent email to be marked as spam. If you do not set an SPF record, the recipient will not be able to validate the sender. Therefore, some recipients may reject emails sent from the platform or mark them as spam.

REMEMBER: Docebo does not have a set of static IPs that can be placed in an allow list.

Please note that Docebo also offers DKIM security feature as a method to validate the platform domain name identity associated with the email messages sent by the platform via the Notification App, so that they will not end up in a recipient’s junk email folder. Docebo recommends that you use DKIM for email notification security. However, SPF is available for companies that may not be able to set up DKIM due to their own companies’ infrastructures.

The Sender Policy Framework (SPF) specification has a limit on the number of DNS lookups required to fully resolve an SPF record. The SPF specification typically has a limit of 10 DNS lookups.