SPF Record Generator - Build SPF Records Online

SPF Record Generator

Domain Name:

Include MX records (allow mail servers defined in MX records)

Include A record (allow domain's A record IP)

IPv4 Addresses (one per line): Single IPs or CIDR notation

IPv6 Addresses (one per line): Single IPs or CIDR notation

Include Domains (one per line): External SPF records to include (e.g., email service providers)

All Mechanism:

What is an SPF Record?

SPF (Sender Policy Framework) is an email authentication method that specifies which mail servers are authorized to send email on behalf of your domain. It helps prevent email spoofing and improves deliverability.

How This Tool Works

Enter your domain name
Select which mechanisms to include (MX, A records)
Add authorized IP addresses (IPv4 and/or IPv6)
Include external SPF records (e.g., from email service providers)
Choose your "all" mechanism policy
Generate and copy your SPF record
Add it as a TXT record in your DNS

SPF Mechanisms Explained

v=spf1: Version identifier (always required)
mx: Allow mail servers listed in MX records
a: Allow the domain's A record IP
ip4: Authorize specific IPv4 addresses or ranges
ip6: Authorize specific IPv6 addresses or ranges
include: Include another domain's SPF record
all: Default policy for unlisted servers

All Mechanism Qualifiers

~all (Soft Fail): Mark as spam but accept - Recommended for most cases
-all (Hard Fail): Reject unauthorized mail - Use when confident in configuration
?all (Neutral): No policy - Not recommended, provides no protection
+all (Pass All): Allow all senders - Never use, defeats SPF purpose

Example: Common SPF Records

Basic SPF with Google Workspace: v=spf1 include:_spf.google.com ~all SPF with multiple providers and IPs: v=spf1 mx ip4:192.0.2.0/24 include:_spf.google.com include:spf.protection.outlook.com ~all Strict SPF with specific IPs only: v=spf1 ip4:192.0.2.1 ip4:192.0.2.2 -all

Common Include Domains

Google Workspace: _spf.google.com
Microsoft 365: spf.protection.outlook.com
SendGrid: spf.sendgrid.net
Mailchimp: servers.mcsv.net
Amazon SES: amazonses.com

SPF Limitations & Best Practices

10 DNS Lookup Limit: SPF has a maximum of 10 DNS lookups. Each "include" counts as a lookup.
One Record Only: You can only have one SPF record per domain
Use CIDR Notation: Reduce lookups by using IP ranges (e.g., 192.0.2.0/24)
Start with ~all: Use soft fail while testing, switch to -all when confident
Combine with DKIM & DMARC: SPF alone is not enough, use all three
Monitor Results: Use DMARC reports to track SPF pass/fail rates
Keep it Updated: Update SPF when changing email providers or servers

Testing Your SPF Record

After adding your SPF record to DNS:

Wait for DNS propagation (usually 5-30 minutes)
Use the SPF Checker to verify it's published correctly
Send test emails and check headers for "spf=pass"
Monitor DMARC aggregate reports for SPF results

Related Tools

SPF Checker - Validate existing SPF records
DKIM Generator - Create DKIM records
DMARC Checker - Verify DMARC configuration
Email Deliverability Tester - Test complete setup
DNS Record Viewer - View all DNS records

386+ Tools Comprehensive Tools for Webmasters, Developers & Site Optimization