SPF Record Generator
Select your email providers, add any custom senders, and choose an enforcement level. Your SPF record updates in real time.
Select every service that sends email on behalf of your domain.
Add include: mechanisms for providers not listed above. Enter the SPF domain only (e.g. _spf.yourprovider.com).
Add ip4: or ip6: ranges for servers sending mail directly (e.g. 203.0.113.1 or 2001:db8::/32).
v=spf1 -allDNS Instructions
- • Record type: TXT
- • Host / Name:
@(root domain) - • TTL: 3600 (1 hour)
- • Only one SPF record per domain is allowed — replace any existing one, do not add a second.
Frequently Asked Questions
What is an SPF record and why do I need one?
An SPF (Sender Policy Framework) record is a DNS TXT record that specifies which mail servers are authorised to send email on behalf of your domain. Without a valid SPF record, your emails may be rejected or marked as spam, and your domain is easier to spoof in phishing attacks.
What does -all vs ~all mean in an SPF record?
-all (hard fail) tells receiving mail servers to reject email from any server not listed in the SPF record. ~all (soft fail) marks it as suspicious but still delivers it. -all is recommended for production once you have confirmed all legitimate sending sources are listed. Use ~all only while testing.
How many DNS lookups is too many in an SPF record?
SPF has a hard limit of 10 DNS lookups per evaluation. Each include: mechanism counts as one lookup (plus any nested lookups it triggers). Exceeding 10 causes an SPF permanent error (permerror), meaning SPF fails regardless of your configuration. If you are close to the limit, consider SPF flattening — replacing include: mechanisms with direct IP addresses.
Can I have more than one SPF record?
No. Having multiple DNS TXT records starting with v=spf1 on the same domain causes an SPF permanent error. Only one SPF record is allowed per domain. If you need to authorise multiple sending services, combine them all into a single record.
How do I add a new email provider to my existing SPF record?
To add a new provider, edit your existing SPF record in your DNS settings and insert the provider's include: mechanism before the all mechanism at the end. For example, if you add HubSpot to an existing Google Workspace record: v=spf1 include:_spf.google.com include:_spf.hubspot.com -all. Check your updated lookup count stays under 10.