Free SPF Record Generator

Add your sending IPs and third-party services, choose a failure policy, and get a ready-to-publish DNS TXT record.

Email Tester Inbox Placement Tester
SPF Record Generator
Create a valid SPF record for your domain in a few clicks.
Enter Your Domain Name:
Choose Authorization Mechanisms:
Use Redirect
Include IPv4 IPv6 A Record MX Record PTR Record Exists
Choose SPF Failure Policy:
Built with by Henry Timmes · Named contributor to RFC 7489 (DMARC)

Building a Valid SPF Record

A correct SPF record tells receiving mail servers exactly which IPs and services are authorized to send email on your domain's behalf. Getting it right the first time avoids PermerErrors, missed deliveries, and weeks of DNS troubleshooting.

  1. Enter your domain name in the field above
  2. Click the authorization mechanism you want to add (Include, IPv4, IPv6, A Record, etc.)
  3. Fill in the value for each mechanism — for example, _spf.google.com for Google Workspace
  4. Choose your SPF failure policy (-all is recommended once all sources are confirmed)
  5. Click "Generate SPF" and publish the resulting record as a DNS TXT record on your domain
🏗️
Build Once, Publish Once

A valid SPF record is a single DNS TXT record starting with v=spf1. You can only have one SPF record per domain — multiple records cause an instant PermerError. Use this generator to build the complete record, then publish it as a single TXT entry.

📋
Include Third-Party Senders

Every service that sends email on your domain's behalf needs an include: entry. Common ones are Google Workspace (_spf.google.com), Mailchimp (servers.mcsv.net), and SendGrid (sendgrid.net). Add each one before publishing.

Test Before You Go Live

After publishing, use the SPF Lookup tool to verify the record resolves correctly and check your DNS lookup count. DNS changes can take up to 48 hours to propagate, so test again after the TTL expires.

Tip: If you already have an SPF record published, do not add a second one. Edit the existing record instead. Two SPF TXT records on the same domain cause an immediate PermerError that fails authentication for all your email.

Shielding Your Domain: Understanding SPF Record Generation

Worried about someone impersonating your email address to send spam or phishing messages? An SPF (Sender Policy Framework) record is your shield against such spoofing attempts. It acts like a caller ID for email, clearly indicating which servers are authorized to send on behalf of your domain. This helps receiving servers identify legitimate messages and protects your reputation.


Creating a complete SPF record requires knowing every service that sends email using your domain — your own mail server, your ESP, transactional email providers, and any marketing platforms. Missing even one can cause legitimate mail to fail authentication.


Implementing a strong SPF record is a crucial step towards ensuring your emails reach their intended recipients. Not only does it prevent spoofing, but it also improves deliverability by giving receiving servers confidence in the origin of your messages. With a well-crafted SPF record in place, your emails are more likely to land in inboxes rather than spam folders.


Once you have it set up, test it with our Email Tester and verify the record with the SPF Lookup tool.

SPF Generator

SPF TAG Specification Explained

TAG MEANING
v Required: This mandatory tag specifies the SPF version being used. Currently, only "v=SPF1" is allowed.
a This tag allows any server with an IP address matching the A record of the specified hostname to send emails. The allowed value is the domain name for which you want to use the A record (e.g., a:campaigncleaner.com).
mx Similar to the "a" tag, this tag permits any server with an IP address matching the MX record of the specified hostname. The allowed value is the domain name for which you want to use the MX record (e.g., mx:campaigncleaner.com).
ip4 This tag specifies an allowed IPv4 address or a range of addresses using CIDR notation. The allowed value is either a single IPv4 address (e.g., ip4:192.168.1.1) or an IP address with a forward slash (/) followed by the CIDR subnet mask (e.g., ip4:192.168.0.0/24).
ip6 Similar to ip4, this tag defines an authorized IPv6 address or a range using CIDR notation. The allowed value is either a single IPv6 address (e.g., ip6:2001:db8::1) or an IP address with a forward slash (/) followed by the CIDR subnet mask (e.g., ip6:2001:db8::/64).
ptr This tag allows mail servers to perform a reverse DNS lookup on the sending server's IP address. If the hostname returned by the reverse lookup matches the specified hostname, the email is considered authorized. The allowed value is the domain name for the reverse DNS lookup (e.g., ptr:campaigncleaner.com).
include This tag allows you to incorporate the SPF record of another domain. This is useful for including subdomains or relying on a third-party email service provider's SPF record. The allowed value is the domain name of the record you want to include (e.g., include:_spf.campaigncleaner.com).
exists The exists mechanism in SPF records offers a way to perform conditional checks based on DNS lookups.
redirect The "redirect" modifier lets a domain hand off its SPF policy to another domain.
all This powerful tag defines how to handle emails from unauthorized sources.

Allowed qualifiers:

  • -all: Rejects emails from unauthorized senders (strict policy).
  • ~all: Soft fails (marks as spam) emails from unauthorized senders (less strict policy).
  • ?all: Neutral — takes no action for unauthorized senders (not recommended).

Frequently Asked Questions

SPF (Sender Policy Framework) is an email authentication protocol that lets domain owners specify which mail servers are authorized to send email on their behalf. It helps prevent email spoofing by giving receiving servers a list of permitted senders to check against. SPF is important because it improves inbox placement for legitimate email and is required for DMARC alignment when DKIM is not present.

To generate an SPF record: identify all IP addresses and services that send email for your domain, use the generator above to build the record with the appropriate mechanisms, choose a failure policy (-all is recommended), copy the generated record, and publish it as a DNS TXT record on your domain. Only one SPF TXT record is allowed per domain. Test after publishing using the SPF Lookup tool.

An SPF record starts with v=spf1 and includes one or more mechanisms: ip4: and ip6: specify individual IP addresses or CIDR ranges, include: incorporates the SPF record of another domain (used for third-party senders like SendGrid or Google Workspace), a: and mx: authorize IPs from the domain's A or MX records, and all specifies the failure policy for unmatched senders (-all for reject, ~all for soft fail, ?all for neutral).

SPF produces these results: Pass means the sending IP is authorized. Fail means the IP is not authorized and the policy specifies rejection (-all). SoftFail means the IP is not authorized but the policy allows delivery with suspicion (~all). Neutral means the policy takes no position (?all). None means no SPF record exists for the domain. PermerError means the record has a syntax error or exceeds the 10-lookup limit.

Common SPF challenges include: exceeding the 10 DNS lookup limit (PermerError), having multiple SPF TXT records on the same domain (only one is allowed), SPF failures on forwarded email where the forwarding server is not in the original domain's record, and failing to include all third-party senders. Regular audits of your include: chain and using ip4: mechanisms instead of include: where possible help avoid these problems.

Best practices for SPF: use -all (HardFail) once all legitimate senders are confirmed, keep your DNS lookup count under 10 by preferring ip4:/ip6: over include: where possible, maintain a single SPF TXT record per domain, update the record whenever you add or remove a sending service, verify with an SPF lookup tool after every change, and pair SPF with DKIM and DMARC for full authentication coverage.

Are You Ready To Experience The Difference?

CC Logo

Become a part of the Campaign Cleaner community today, and join countless satisfied customers who have witnessed significant improvements in their email deliverability and campaign success. Don't let HTML issues hold you back; let Campaign Cleaner optimize your campaigns and boost your inbox rates.

Let's Get Started