What is an SPF record?

An SPF (Sender Policy Framework) record is a DNS TXT record that specifies which IP addresses and servers are authorized to send email on behalf of your domain, helping prevent email spoofing.

How do I create an SPF record?

Use our SPF record generator above. Add your authorized email servers, IP addresses, and choose the appropriate policy (fail/softfail/neutral). The tool will generate a valid SPF record for your DNS.

What should I include in my SPF record?

Include all legitimate email servers that send mail for your domain: your email provider's servers, web hosting mail servers, third-party email services (like MailChimp), and any other authorized senders.

What SPF policy should I use?

Start with ~all (softfail) to monitor without blocking emails, then move to -all (fail) once you're confident all legitimate senders are included in your SPF record.

Can a domain have multiple SPF records?

No, domains should have exactly one SPF record. Multiple SPF records will cause validation failures. If you need to authorize many senders, include them all in a single SPF record.

SPF Record Generator

Create valid SPF records for your domain with our easy-to-use generator. Authorize email servers, set policies, and improve email deliverability.

Domain Name (Optional - for reference)

Quick Add Email Providers

SPF Mechanisms

No mechanisms added yet. Add email servers and IP addresses that are authorized to send email for your domain.

Final Policy

All Policy

Redirect (Optional)

Use redirect instead of all policy to delegate to another SPF record

Generated SPF Record

v=spf1 ~all

Characters (255 max)

DNS Lookups (10 max)

Valid

Record Status

📋 DNS Setup Instructions

Record Type: TXT

Name/Host: @ (or your domain)

Value: The generated SPF record above

TTL: 3600 (1 hour) or your provider default

Priority: N/A (not used for TXT records)

Important Notes:

• Only one SPF record per domain is allowed
• Test with ~all before using -all policy
• Changes may take up to 48 hours to propagate
• Verify the record with our SPF Record Checker

💡 SPF Generator Tips

• Start simple: Begin with your main email provider and add others as needed

• Use includes: Prefer include mechanisms over IP addresses for better maintainability

• Test thoroughly: Use ~all policy initially to monitor without blocking emails

• Monitor lookups: Keep DNS lookups under 10 to avoid SPF failures

• Regular review: Update SPF records when changing email providers or servers

• CIDR notation: Use IP ranges (192.168.1.0/24) to reduce record length

SPF Record Basics

SPF (Sender Policy Framework) records help prevent email spoofing by defining which servers are authorized to send email for your domain.

When an email is received, the recipient's mail server checks the SPF record to verify that the sending server is authorized to send mail for that domain.

SPF Benefits:

• Prevents email spoofing
• Improves email deliverability
• Protects domain reputation
• Required for DMARC compliance
• Reduces spam and phishing

SPF Mechanisms

a

Authorizes the A record of the domain. If the domain's A record matches the sending IP, the email passes SPF.

mx

Authorizes the mail exchange (MX) servers for the domain. Common for domains that send email from their own mail servers.

ip4/ip6

Explicitly authorizes specific IPv4 or IPv6 addresses or CIDR ranges. Most direct way to authorize sending servers.

include

Includes another domain's SPF record. Useful for third-party email services like Google Workspace or MailChimp.

Frequently Asked Questions

What is the SPF lookup limit?

SPF records are limited to 10 DNS lookups during evaluation. This includes 'include', 'a', 'mx', and 'redirect' mechanisms. Exceeding this limit causes SPF to fail.

Should I use -all or ~all?

Start with ~all (softfail) for testing, then move to -all (hardfail) once you're confident. -all provides better protection but can block legitimate emails if misconfigured.

How long is an SPF record valid?

SPF records don't expire, but DNS TTL determines how long they're cached. Review and update your SPF record when changing email providers or servers.

Can SPF records be too long?

Yes, SPF records must be under 255 characters for a single TXT record. Use includes and CIDR notation to keep records concise while authorizing all needed servers.

SPF Record Generator

Quick Add Email Providers

SPF Mechanisms

Final Policy

Generated SPF Record

📋 DNS Setup Instructions

💡 SPF Generator Tips

SPF Record Basics

SPF Benefits:

SPF Mechanisms

a

mx

ip4/ip6

include

Frequently Asked Questions

What is the SPF lookup limit?

Should I use -all or ~all?

How long is an SPF record valid?

Can SPF records be too long?

Related Email Authentication Tools

SPF Record Checker

DMARC Record Checker

Email Reputation Checker