How does SPF work?

When a server receives a message, it checks the domain in the envelope from, then retrieves that domain’s SPF record from DNS. The SPF record states which IP addresses or systems are authorized to send.

If the connecting server’s IP appears in the SPF mechanisms, then the message passes. If not, it fails or softfails based on the qualifiers.

It functions like a port authority comparing the ship approaching the dock with the list of vessels that are allowed to carry that domain’s cargo.