Free Tool

SPF Record Generator

Create a properly formatted SPF record for your domain. SPF (Sender Policy Framework) specifies which mail servers are authorized to send email for your domain, helping prevent spoofing.

Select your email providers below — your SPF record will appear here.

Domain

Domain Name

The domain you want to create an SPF record for

Email Providers

Google Workspaceinclude:_spf.google.com

Microsoft 365include:spf.protection.outlook.com

Amazon SESinclude:amazonses.com

SendGridinclude:sendgrid.net

Mailguninclude:mailgun.org

Postmarkinclude:spf.mtasv.net

Zoho Mailinclude:zoho.com

Mailchimpinclude:servers.mcsv.net

Custom Includes

IPv4 Addresses

IPv6 Addresses

SPF Qualifier

What is SPF Record?

SPF (Sender Policy Framework) is an email authentication method that specifies which mail servers are allowed to send email on behalf of your domain. An SPF record is a DNS TXT entry that lists authorized sending sources. When a receiving server gets an email, it checks the SPF record to verify the sender is legitimate.

Why It Matters

SPF is your domain's guest list for email. Without it, any mail server can claim to send email on your behalf, making your domain a target for spoofing. Most email providers check SPF before deciding whether to deliver or spam-folder your message. A missing or broken SPF record is one of the most common reasons cold emails go to spam.

How to Use This Tool

Select Your Email Providers

Check the boxes for all services that send email from your domain — your email platform (Google Workspace, Microsoft 365), marketing tools (SendGrid, Mailgun), and any custom servers.

Add to Your DNS

Log in to your DNS provider. Create or update the TXT record for your root domain (@) with the generated SPF value. Only one SPF record per domain is allowed.

Verify Your Record

Use an SPF lookup tool to confirm your record is published correctly. Send a test email and check the headers to verify SPF is passing.

Common Mistakes to Avoid

Creating multiple SPF records

DNS only allows one SPF record per domain. Having two causes both to fail. If you need to authorize multiple services, combine them into a single record using 'include' mechanisms.

Exceeding the 10-lookup limit

Each 'include', 'a', 'mx', and 'redirect' counts as a DNS lookup. Exceeding 10 causes SPF to permanently fail (permerror). Use IP addresses instead of includes where possible.

Using +all instead of ~all or -all

The +all qualifier allows ANY server to send email as your domain — it effectively disables SPF. Always use ~all (soft fail) or -all (hard fail) to restrict unauthorized senders.

Forgetting to include all sending services

If your CRM, marketing tool, or transactional email service isn't in your SPF record, those emails fail authentication. Audit every service that sends email on your behalf.

Frequently Asked Questions

An SPF record is a DNS TXT entry that lists all servers authorized to send email for your domain. Receiving mail servers check this record to verify if an email actually came from an allowed source.

-all (hard fail) tells receivers to reject unauthorized emails outright. ~all (soft fail) marks them as suspicious but still delivers them. Start with ~all while testing, then switch to -all for strict enforcement.

No. DNS allows only one SPF record per domain. If you need to authorize multiple services, combine them into a single record using multiple 'include' mechanisms.

SPF records can only trigger 10 DNS lookups. Each 'include', 'a', 'mx', and 'redirect' mechanism counts as one lookup. Exceeding this limit causes SPF to fail. Use IP addresses instead of includes when possible to reduce lookups.

Yes. Every service that sends email on behalf of your domain needs to be in your SPF record — email hosting, marketing platforms, CRM systems, transactional email services, and any custom mail servers.

After publishing your record, send a test email and check the email headers for 'spf=pass'. You can also use online SPF lookup tools to validate your record syntax and check for issues.

Related Free Tools

DMARC Record Generator

Generate a DMARC DNS TXT record to protect your domain from email spoofing and phishing.

Try it free

DKIM Record Generator

Generate DKIM DNS records and cryptographic keys to verify your emails haven't been tampered with in transit.

Try it free

Email Header Analyzer

Paste raw email headers to check SPF, DKIM, and DMARC authentication and trace the email's routing path.

Try it free

SPF configured? Warm up your sender reputation.

SPF tells servers you're authorized to send. But a new domain still needs warmup. TrulyInbox builds your sender reputation gradually so emails reach the inbox.