SPF Record Generator.
An SPF record is a DNS TXT entry that tells receiving mail servers which IP addresses and domains are authorized to send email on behalf of your domain. Without one, your emails are more likely to be flagged as spam or rejected. This free tool lets you check your existing SPF record for common issues like multiple records, missing policies, and DNS lookup limit violations per RFC 7208, or generate a new compliant record using an interactive builder with live validation. Proper SPF configuration is the foundation of email authentication and the first step in preventing domain spoofing.
How to Use This Tool
Check Existing SPF
Enter your domain name in the "Check Existing" tab. The tool queries your DNS records, validates the SPF syntax, counts DNS lookups, and provides specific recommendations for any issues found.
Generate New SPF
Switch to the "Generate New" tab. Add your email providers as include domains, add any dedicated IP addresses, select your policy level, and copy the generated record. Add it as a TXT record at your domain root.
How SPF Authentication Works
Email Sent
Your mail server sends an email with your domain in the return-path (envelope sender).
DNS Lookup
The receiving server queries DNS for a TXT record starting with v=spf1 on your domain.
IP Check
The server checks if the sending IP matches any authorized mechanism in your SPF record.
Verdict
Based on the match result and your "all" policy, the server accepts, quarantines, or rejects the email.
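The four steps above, as an added sketch that is not this tool's own code: it evaluates a sending IP against an SPF record left to right, using a constructed in-memory zone instead of live DNS. Only ip4, ip6, include and all are handled (a, mx, exists, redirect, macros and error results are left out), and the domain names and the `check_host` helper are illustrative assumptions.

```python
import ipaddress

# Constructed sample zone: domain -> SPF TXT record (names are illustrative).
ZONE = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example ~all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.7 ip6:2001:db8::/32 -all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, zone=ZONE):
    """Evaluate ip against domain's SPF record; the first matching term wins."""
    record = zone.get(domain)
    if record is None:
        return "none"                      # no SPF record published
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:        # skip the "v=spf1" version tag
        qualifier = term[0] if term[0] in RESULTS else "+"  # default is "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if addr.version == net.version and addr in net:
                return RESULTS[qualifier]
        elif name == "include":
            # include matches only when the nested evaluation returns "pass";
            # the nested record's own -all or ~all does not propagate upward.
            if check_host(ip, arg, zone) == "pass":
                return RESULTS[qualifier]
    return "neutral"                       # nothing matched and no "all" term
```

An unlisted address such as 203.0.113.5 gets softfail from example.com's own ~all, not fail from the included record's -all.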
Frequently Asked Questions
What is an SPF record and why do I need one?
An SPF (Sender Policy Framework) record is a DNS TXT record that specifies which mail servers are authorized to send email on behalf of your domain. It prevents email spoofing and improves deliverability by allowing receiving servers to verify that incoming mail from your domain comes from an authorized source. Without an SPF record, your emails are more likely to be marked as spam or rejected entirely.
How do I create an SPF record for my domain?
Use the Generate New tab in our SPF Record Generator above. Add include domains for your email providers (e.g., _spf.google.com for Google Workspace), any IP addresses that send email for your domain, and select a policy (-all for hard fail or ~all for soft fail). Copy the generated record and add it as a TXT record at your domain root (@) in your DNS provider dashboard.
What does the 10 DNS lookup limit mean for SPF records?
RFC 7208 limits SPF records to 10 DNS lookups during evaluation. Each include, a, mx, redirect, and exists mechanism counts as one lookup. If your record exceeds this limit, receiving servers may return a PermError and reject your email. To stay under the limit, use ip4/ip6 mechanisms instead of include where possible, and consolidate providers into fewer include statements.
What is the difference between -all, ~all, and ?all in SPF records?
These are the default policies for handling unauthorized senders. -all (hard fail) tells receiving servers to reject emails from unauthorized sources - recommended for established domains with known senders. ~all (soft fail) marks unauthorized emails as suspicious but does not reject them - good for initial setup and testing. ?all (neutral) applies no policy enforcement and is not recommended for production use.
Can I have multiple SPF records on one domain?
No. RFC 7208 requires exactly one SPF record per domain. Having multiple SPF records is a common misconfiguration that causes validation failures. If you need to authorize multiple providers, combine them into a single record using include mechanisms. Our Check Existing tool will detect and flag multiple SPF records on your domain.
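The checks described in the answers above (lookup limit, missing or permissive policy, multiple records), as an added example that is not this tool's own code. It runs against a constructed in-memory zone rather than live DNS, follows include and redirect targets when counting lookups, and also counts ptr, which RFC 7208 includes in the limit; all domain names and function names are illustrative assumptions.

```python
# Constructed sample zone: domain -> list of TXT strings (illustrative names).
ZONE = {
    "example.com": ["v=spf1 include:_spf.a.example include:_spf.b.example mx ~all",
                    "site-verification=constructed-value"],
    "_spf.a.example": ["v=spf1 include:_spf.c.example a exists:%{i}.bl.example -all"],
    "_spf.b.example": ["v=spf1 ip4:192.0.2.0/24 mx a ptr -all"],
    "_spf.c.example": ["v=spf1 a mx ip6:2001:db8::/32 -all"],
    "dup.example": ["v=spf1 ip4:192.0.2.1 -all", "v=spf1 mx +all"],
}
# RFC 7208 section 4.6.4: these mechanisms, plus the redirect modifier, cost a lookup.
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists")

def spf_records(domain, zone):
    # Only TXT strings whose first token is the version tag are SPF records.
    return [t for t in zone.get(domain, []) if t.lower().split()[:1] == ["v=spf1"]]

def count_lookups(domain, zone=ZONE, path=()):
    """Count DNS-querying terms, following include/redirect targets recursively."""
    if domain in path:                          # guard against include loops
        return 0
    total = 0
    for rec in spf_records(domain, zone)[:1]:
        for term in rec.split()[1:]:
            body = term.lstrip("+-~?")
            if body.lower().startswith("redirect="):
                total += 1 + count_lookups(body.split("=", 1)[1], zone, path + (domain,))
                continue
            name, _, arg = body.partition(":")
            name = name.split("/")[0].lower()   # "a/24" -> "a"
            if name in LOOKUP_TERMS:
                total += 1
            if name == "include":
                total += count_lookups(arg, zone, path + (domain,))
    return total

def lint(domain, zone=ZONE):
    recs, issues = spf_records(domain, zone), []
    if len(recs) != 1:
        issues.append(f"expected exactly one SPF record, found {len(recs)}")
    for rec in recs:
        terms = [t.lower() for t in rec.split()[1:]]
        if not any(t.lstrip("+-~?") == "all" or t.startswith("redirect=") for t in terms):
            issues.append("no 'all' mechanism or redirect: unmatched senders get neutral")
        if "+all" in terms or "all" in terms:
            issues.append("'+all' authorizes every sender")
    n = count_lookups(domain, zone)
    if n > 10:
        issues.append(f"{n} DNS lookups exceed the RFC 7208 limit of 10")
    return issues
```

The sample example.com record has only three lookup terms of its own, but the nested includes bring the total to 11, which is the case a top-level count misses.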
Related DNS Tools
DKIM Record Checker
Verify DKIM DNS records for your domain to ensure email authentication is properly configured.
DMARC Record Generator & Checker
Build and validate DMARC policies to protect your domain from email spoofing and phishing attacks.
Domain Health Checker
Run a comprehensive health scan combining SPF, DKIM, DMARC, MX, and blacklist checks in one report.
MX Record Lookup
Look up MX records for any domain to see which mail servers handle its email delivery.
We Build Enterprise Email Infrastructure
Our Email Infrastructure Setup service handles SPF, DKIM, DMARC, and full email authentication setup. Starting at $5K for complete DNS authentication and deliverability optimization.
Learn More
How to Build Cold Email Infrastructure That Scales
Domain procurement, DNS configuration including SPF setup, and sending architecture for 100K+ monthly sends.
Cold Email Deliverability: Why Emails Land in Spam
Diagnose the five root causes of deliverability failures including SPF misconfiguration, with concrete fixes.
Domain Warming Strategy: The Complete 2026 Guide
Day-by-day volume ramp schedules and DNS setup requirements before warming begins.