What is an SPF record?

SPF (Sender Policy Framework) is a DNS TXT record that lists which mail servers are authorized to send email on behalf of your domain. It helps prevent email spoofing.

What is the difference between ~all and -all?

~all (softfail) marks unauthorized mail as suspicious — it is delivered but flagged. -all (fail) tells receiving servers to reject unauthorized mail. Use ~all while testing, then switch to -all for strict enforcement.

How do I add an SPF record to my DNS?

Log in to your DNS provider, create a new TXT record for your root domain (@), and paste the generated SPF record as the value. TTL of 3600 is standard.

Can I have multiple SPF records?

No. You can only have one SPF TXT record per domain. Combine all providers into a single SPF record. Multiple SPF records cause SPF to fail.

SPF Record Generator

Select your email providers and set your policy to instantly generate the correct SPF TXT record for your DNS. Prevent email spoofing.

Files never leave your browser

Email Providers

DNS Mechanisms

Include mxInclude a

Custom IP Addresses (one per line, e.g. 203.0.113.1)

Custom Includes (domain names, one per line)

Policy (all mechanism)

SPF TXT Record

v=spf1 mx include:_spf.google.com ~all

Policy: ~all
Record length: 38 chars

Add this as a TXT record for your domain in your DNS provider.

Generated entirely in your browser — nothing is sent to any server.

How to use SPF Record Generator

The SPF Record Generator builds a correct, syntactically valid Sender Policy Framework record from simple choices about who sends your email, so you do not have to memorise SPF’s mechanism grammar. You pick the mail providers and servers that are allowed to send for your domain — Google Workspace, Microsoft 365, your own mail server, marketing platforms — and the tool assembles the includes, ip4 entries and the correct closing all qualifier. The result is a single TXT record you paste into DNS, helping prevent spoofing and keeping your legitimate mail out of the spam folder.

Select the email providers and services that send on your behalf.
Add any additional sending IP addresses or hostnames you operate.
Choose an enforcement level: softfail (~all) or hardfail (-all).
Copy the generated SPF TXT record.
Publish it on your domain’s root as a TXT record and verify with a checker.

Your data never leaves your device — 100% private processing.

Choosing softfail or hardfail

The closing all mechanism sets the policy for servers not otherwise authorised. Softfail (~all) tells receivers to accept but flag unlisted mail, which is forgiving and a safe choice while you confirm you have listed every legitimate sender. Hardfail (-all) instructs receivers to reject unlisted mail outright, giving the strongest anti-spoofing protection. The recommended path is to deploy with ~all, monitor for a couple of weeks to be sure nothing legitimate is being missed, then switch to -all for full enforcement.

Keeping within the lookup limit

SPF permits at most ten DNS lookups during evaluation, and each include or mechanism that resolves a name counts toward it. Adding many providers can quietly push you over the limit, which causes a permerror and undermines the whole record. The generator helps by keeping the record compact and warning when you add enough includes to approach the ceiling. If you genuinely need more senders than ten lookups allow, consolidating vendors or flattening includes into ip4 ranges is the standard remedy.

Common provider includes
Provider	Include
Google Workspace	include:_spf.google.com
Microsoft 365	include:spf.protection.outlook.com
SendGrid	include:sendgrid.net
Mailchimp	include:servers.mcsv.net

Glossary

SPF: Sender Policy Framework — a TXT record naming authorised senders for a domain.
include: A mechanism that imports another domain’s SPF policy into your own.
ip4 / ip6: Mechanisms that authorise specific sending IP addresses or ranges.
all: The final mechanism setting the default result for unlisted senders.
Lookup limit: SPF’s cap of ten DNS lookups per evaluation.

Frequently Asked Questions

Free · No spam

Get weekly tool tips & updates

New tools, power-user tips, and productivity hacks — delivered free every Friday.

No spam, ever. Unsubscribe with one click.

Why use SPF Record Generator?

Real-time DNS lookups using live resolver queries
Supports IPv4 and IPv6 addresses
No software to install — runs entirely in the browser
Results include TTL values and record priority

Common use cases

Verify DNS propagation after updating nameservers
Check MX records when troubleshooting email delivery
Look up SPF/DKIM/DMARC records for email security audits
Test whether a SSL certificate is valid and up to date
Find the IP address behind a domain name

Related Network & DNS

DMARC Record Generator

Generate DMARC DNS TXT records for your domain. Set policy, alignment, and reporting email addresses. Free DMARC policy generator.

Subnet / CIDR Calculator

Calculate network address, broadcast address, usable IP range, and host count for any IPv4 subnet. Free CIDR calculator.

DNS Lookup Tool

Look up DNS records for any domain — A, AAAA, MX, NS, TXT, CNAME, SOA, and CAA records. Free, instant results pulled from authoritative nameservers.

DNS Propagation Checker

Check if your DNS changes have propagated worldwide. Test A, MX, and NS records across 8 global DNS servers to confirm updates are live everywhere.

What Is My IP Address?

Instantly find your public IP address. Shows your IPv4 address as seen by websites and servers, plus quick details about your connection.

HTTP Headers Checker

View HTTP response headers for any URL. Check status codes, security headers, caching, redirects, and server details instantly. Free and private.

Explore all Network & DNS.