Understanding the Sources Table
Reading source data and recommendations
Understanding the Sources Table
The sources table is the central working area of SPF Management. It lists every email source detected in your DMARC reports, with all the data you need to make an approve/reject decision.
Column Reference
| Column | What It Shows |
|---|---|
| Source / Service | The sending IP address or, where recognised, the email service name (e.g. "Mailchimp", "SendGrid"). Recognised services are shown with their logo. |
| Volume | Total emails sent from this source in the reporting period. Higher volume sources have greater impact on your compliance rate — prioritise these. |
| SPF Pass Rate | Percentage of this source's emails that passed SPF. If the source is not in your SPF record, this will be 0%. |
| DKIM Pass Rate | Percentage of emails with a valid DKIM signature. High DKIM rates are a strong legitimacy signal even when SPF fails. |
| DMARC Pass Rate | Combined pass rate — emails that pass either SPF or DKIM (with alignment). This is the number that directly affects your DMARC compliance score. |
| Confidence | AI trust score (0–100%). Combines authentication rates, service recognition, sending history, and volume patterns into a single approval recommendation score. |
| First Seen / Last Seen | How long this source has been sending. Established senders (30+ days) score higher than brand-new sources. |
| Include in SPF | The checkbox that controls whether this source is in your managed SPF record. This is the single authoritative control — checking it adds the source, unchecking removes it. The SPF record updates automatically. |
| Status | Current state: Pending, Approved, Monitoring, Rejected |
AI Recommendation Icons
| Icon | Recommendation | Suggested Action |
|---|---|---|
| ✔ | Add to SPF | Safe to approve — strong signals of legitimacy |
| 👁 | Monitor | Watch for 7 days before deciding |
| ❌ | Reject | Suspicious or unverifiable — reject this source |
The Three Tabs
Sources
Active and pending sources currently being considered for your SPF record. This is where you approve, monitor, or reject sources.
Recommended
Sources the AI has analysed and recommends you act on. Sorted by confidence score so you can quickly approve high-confidence sources or reject threats.
Excluded
Sources that have been removed from SPF consideration — whether rejected by you, dismissed, auto-removed by the system, or made redundant by IP consolidation. These sources are not in your SPF record.
Excluded Sources Tab — In Detail
The Excluded tab collects every source that has been removed from SPF consideration. Each source shows its original status badge so you can see why it was excluded:
| Status | How It Got Here |
|---|---|
| Rejected | You or the AI explicitly rejected this source as illegitimate or unwanted. |
| Blocked | Flagged as a security threat and blocked from future consideration. |
| User Removed | You manually removed this source from your SPF record. |
| Dismissed | You dismissed the source without approving or rejecting it. |
| Auto-Removed | System cleanup removed this source automatically (e.g. stale source with no recent email volume after 60+ days). |
| Zero Volume | No email volume detected from this source. Kept for reference but excluded from SPF. |
| Redundant | This individual IP is already covered by an include: directive in your SPF record (e.g. 5 Google IPs consolidated into include:_spf.google.com). |
Actions on the Excluded Tab
- Restore — moves a source back to the Sources tab so it can be re-evaluated and potentially included in SPF again. Use this if a source was removed by mistake or if a previously stale service has resumed sending.
- Select + Bulk Restore / Bulk Delete — use the checkboxes to select specific sources, then restore or permanently delete them in one action.
Delete All Rejected
Permanently removes all sources with Rejected or Blocked status from your database. Use this to clean up sources you have already decided are not legitimate senders. Since you (or the AI) explicitly rejected these, they are safe to delete — they were never going to be added to your SPF record. This is a housekeeping action that reduces clutter in the Excluded tab.
Delete All Redundant
Permanently removes individual IP sources that are already covered by an include: directive
in your SPF record. For example, if DMARC reports detected 5 separate IPs belonging to your email
hosting provider, and those IPs were consolidated into a single include:spf.provider.com,
the 5 individual IP sources are now redundant — the include already authorises them. Deleting them
removes visual noise without affecting your SPF record.
Both delete actions are permanent
Deleted sources cannot be recovered. If the same IP or service appears in future DMARC reports, it will be re-detected as a new source. Neither action affects your live SPF record — these sources are already excluded.
Filtering and Sorting
Use the table controls to focus on what matters most:
- Sort by Volume — approve the highest-impact sources first
- Sort by Confidence — work from most to least certain
- Filter by Status — view only pending, monitoring, or approved sources
- Search — find a specific service or IP address
The Include in SPF Checkbox is the Single Source of Truth
Only sources with Include in SPF checked are added to your managed SPF record. Status badges are informational — they do not control what's in your SPF record. The checkbox does.