SPF Record Generator

Create a valid SPF record for your domain. Configure your email providers and generate the DNS TXT record instantly.

Your Domain

Enter your domain name (for reference only - not included in the SPF record)

Email Providers

Select the services that send email on behalf of your domain

Google Workspace

_spf.google.com

4 lookups

Microsoft 365

spf.protection.outlook.com

2 lookups

Amazon SES

amazonses.com

1 lookup

Mailchimp

servers.mcsv.net

1 lookup

SendGrid

sendgrid.net

1 lookup

Mailgun

mailgun.org

1 lookup

Custom Includes

Add additional include mechanisms for other email services

IP Addresses

Add specific IP addresses that are authorized to send email for your domain

IPv4 Addresses

Single IPs (192.0.2.1) or CIDR ranges (192.0.2.0/24)

IPv6 Addresses

Single IPs or CIDR ranges (2001:db8::/32)

Additional Mechanisms

Include your domain's A and MX records as authorized senders

Include MX Records

Authorize your mail server IPs (from MX records) to send email

1 lookup

Include A Record

Authorize your domain's A record IP to send email

1 lookup

Default Policy

What should happen to emails from sources not listed above?

Soft Fail (~all) - Recommended

Emails from unauthorized sources should be accepted but marked as suspicious. This is safer when first implementing SPF, as it won't block legitimate emails if you missed a sender.

Hard Fail (-all)

Emails from unauthorized sources should be rejected. Use this only after you've verified all legitimate senders are included in your SPF record.

Generated SPF Record

Copy this record and add it to your DNS as a TXT record

v=spf1 ~all

0/10 DNS lookups

How to Add This Record

Log in to your DNS provider or domain registrar
Navigate to DNS settings for your domain
Add a new TXT record with these settings:
- Type: TXT
- Host/Name: @ (or leave blank)
- Value: The generated SPF record above
- TTL: 3600 (or 1 hour)
Save the record and wait for DNS propagation (up to 48 hours)

Important

You can only have one SPF record per domain. If you already have an SPF record, you'll need to merge the mechanisms instead of creating a new record.

Understanding SPF Records

SPF (Sender Policy Framework) is an email authentication protocol that helps prevent email spoofing. It works by allowing domain owners to specify which mail servers are authorized to send email on behalf of their domain.

How SPF Works

You publish an SPF record in your DNS as a TXT record
When an email is sent, the receiving server checks your SPF record
The server verifies if the sending IP is authorized
Based on the result, the email is accepted, marked as suspicious, or rejected

The 10 DNS Lookup Limit

SPF has a critical limitation: each SPF evaluation can perform a maximum of 10 DNS lookups. This includes lookups for include:, a, mx, ptr, and redirect mechanisms.

If your SPF record exceeds 10 lookups, receiving servers may return a "permerror" result, potentially causing email delivery issues. The ip4: and ip6: mechanisms don't count toward this limit since they don't require DNS lookups.

SPF Qualifiers Explained

+all (Pass) - Allow all (not recommended)
~all (SoftFail) - Accept but mark suspicious
-all (Fail) - Reject unauthorized senders
?all (Neutral) - No policy (not recommended)

Monitor Your SPF Record

SPF is just one part of email authentication. For complete protection, you also need DKIM and DMARC. MimeProtect monitors all three and alerts you to:

SPF record changes and potential issues
DNS lookup limit warnings
Unauthorized senders attempting to use your domain
Authentication failures affecting deliverability