Free Tool

SPF Record Generator

Create a properly formatted SPF record for your domain. SPF (Sender Policy Framework) specifies which mail servers are authorized to send email for your domain, helping prevent spoofing.

Select your email providers below — your SPF record will appear here.

Domain

Domain Name

The domain you want to create an SPF record for

Email Providers

Google Workspaceinclude:_spf.google.com

Microsoft 365include:spf.protection.outlook.com

Amazon SESinclude:amazonses.com

SendGridinclude:sendgrid.net

Mailguninclude:mailgun.org

Postmarkinclude:spf.mtasv.net

Zoho Mailinclude:zoho.com

Mailchimpinclude:servers.mcsv.net

Custom Includes

IPv4 Addresses

IPv6 Addresses

SPF Qualifier

What is SPF Record?

SPF (Sender Policy Framework) is an email authentication method that specifies which mail servers are allowed to send email on behalf of your domain. An SPF record is a DNS TXT entry that lists authorized sending sources. When a receiving server gets an email, it checks the SPF record to verify the sender is legitimate.

How to Use This Tool

Select Your Email Providers

Check the boxes for all services that send email from your domain — your email platform (Google Workspace, Microsoft 365), marketing tools (SendGrid, Mailgun), and any custom servers.

Add to Your DNS

Log in to your DNS provider. Create or update the TXT record for your root domain (@) with the generated SPF value. Only one SPF record per domain is allowed.

Verify Your Record

Use an SPF lookup tool to confirm your record is published correctly. Send a test email and check the headers to verify SPF is passing.

Frequently Asked Questions

An SPF record is a DNS TXT entry that lists all servers authorized to send email for your domain. Receiving mail servers check this record to verify if an email actually came from an allowed source.

-all (hard fail) tells receivers to reject unauthorized emails outright. ~all (soft fail) marks them as suspicious but still delivers them. Start with ~all while testing, then switch to -all for strict enforcement.

No. DNS allows only one SPF record per domain. If you need to authorize multiple services, combine them into a single record using multiple 'include' mechanisms.

SPF records can only trigger 10 DNS lookups. Each 'include', 'a', 'mx', and 'redirect' mechanism counts as one lookup. Exceeding this limit causes SPF to fail. Use IP addresses instead of includes when possible to reduce lookups.

Yes. Every service that sends email on behalf of your domain needs to be in your SPF record — email hosting, marketing platforms, CRM systems, transactional email services, and any custom mail servers.

After publishing your record, send a test email and check the email headers for 'spf=pass'. You can also use online SPF lookup tools to validate your record syntax and check for issues.

SPF configured? Warm up your sender reputation.

SPF tells servers you're authorized to send. But a new domain still needs warmup. TrulyInbox builds your sender reputation gradually so emails reach the inbox.