SPF (Sender Policy Framework, RFC 7208) authorizes specific servers to send mail for your domain. When you start sending through Brevo, you must publish a single SPF record at your domain apex that includes Brevo's sending infrastructure — otherwise the messages will fail SPF, your DMARC checks will fail, and your mail will land in spam or be rejected outright.
If you already publish SPF for another sender (Google Workspace for inbound, a marketing tool, your CRM), do not publish a second record. Merge the new include into the existing record. RFC 7208 §3 forbids multiple SPF records on the same name and receivers MUST return permerror when they see one.
Publish these DNS records
Add the following record(s) to your domain's DNS zone. Most registrars (Cloudflare, Route 53, Namecheap, GoDaddy) accept values exactly as shown.
- Type
TXT- Host
@- Value
v=spf1 include:spf.brevo.com ~all
- Older Sendinblue documentation references `include:spf.sendinblue.com` — that still resolves but Brevo recommends migrating to the new include.
Where in Brevo
The SPF configuration lives in Brevo → Senders, Domains & Dedicated IPs → Domains → Authenticate this domain.
Verify the records
Once published, run the SPF Checker on your domain to verify the lookup chain expands cleanly and stays under the 10-DNS-lookup limit.
dig +short TXT your-domain.comCommon pitfalls
- Brevo's free tier sends from `@sendinblue.com` until you authenticate a domain — even after authentication, transactional mail through the SMTP relay defaults to a random subdomain unless you explicitly configure the From: address.
- The Sendinblue → Brevo rebrand left some docs and DNS templates with stale `sendinblue.com` references. The current canonical DNS host is `brevo.com`.