Speak to an Email Deliverability Consultant FOR FREE

Free SPF Record Generator

Q: What is an SPF record?

An SPF record is a DNS TXT record that lists which IP addresses and domains are authorized to send email on behalf of your domain. SPF stands for Sender Policy Framework.

Q: Can I have multiple SPF records for one domain?

No. DNS allows only one SPF record per domain. Publishing multiple SPF records causes authentication failures. Combine all authorized sources into a single record.

Q: What is the SPF 10 DNS lookup limit?

SPF records can trigger up to 10 DNS lookups. Each include:, mx, a, and exists mechanism counts as one lookup. Exceeding 10 lookups returns a PermError and causes authentication to fail.

Q: What are examples of common SPF records?

Google Workspace: v=spf1 include:_spf.google.com ~all — Domain that doesn't send email: v=spf1 -all — Authorize specific IPs only: v=spf1 ip4:203.0.113.5 ip4:198.51.100.0/24 -all

Q: What is an SPF PermError?

A PermError (permanent error) occurs when your SPF record has syntax errors or exceeds the 10 DNS lookup limit. Mail servers treat PermError the same as if there were no SPF record — authentication fails for all emails.

Q: How do I check my SPF lookup limit?

Use EmailWarmup.com's SPF checker tool to analyze your record. The tool counts DNS lookups and flags records that exceed or approach the 10-lookup limit.

Q: How strict should my SPF policy be?

Start with soft fail (~all) during testing so emails aren't rejected while you identify all sending sources. Switch to hard fail (-all) once you've confirmed every legitimate sender is in your SPF record. Hard fail provides stronger protection against spoofing.

Generate Your SPF Record in Under 60 Seconds

Our free SPF record generator creates valid, error-free SPF records that authorize your sending sources in DNS — you don’t need any technical knowledge.

Let's secure your domain!
Enter the domain to set up SPF records

Trusted by 1000+ companies

How to Publish Your Generated SPF Record in DNS

Publishing an SPF record means creating a TXT record in your domain's DNS zone. Most domain registrars and DNS hosting providers (GoDaddy, Cloudflare, Route 53, Namecheap) have a DNS management console where you add records manually.

Step 1: Log in to your DNS provider

Access your domain registrar or DNS hosting control panel. Look for "DNS Management," "Zone Editor," or "Advanced DNS."

Step 2: Navigate to your domain's DNS zone

Find the domain you're configuring SPF for. Select it to open the record editor.

Step 3: Create a new TXT record

Choose "Add Record" or "Create Record." Set the record type to TXT.

Step 4: Set the hostname

Leave the hostname field blank (or enter @) to publish the SPF record at your root domain. Some providers require _spf as the hostname — check your DNS documentation.

Step 5: Paste your generated SPF record

Copy the SPF record from EmailWarmup.com's generator and paste it into the "Value" or "TXT Content" field.

Step 6: Set TTL (Time to Live)

Use the default TTL (usually 3600 seconds / 1 hour) or set a custom value. Lower TTL values propagate changes faster but increase DNS query load.

Step 7: Save changes

Click "Save," "Add Record," or "Publish" to commit the SPF record to DNS.

Step 8: Verify your SPF record

Wait 10-30 minutes for DNS propagation. Use EmailWarmup.com's free SPF checker to confirm the record is published correctly and contains no syntax errors.

SPF Mechanisms That Authorize Your Sending Sources

An SPF record starts with v=spf1 and ends with an all mechanism. Everything in between defines which mail servers and IP addresses can send email for your domain.

Mechanism	What It Does	Syntax Example	DNS Lookups
v	Protocol version (always spf1)	v=spf1	0
ip4	Authorizes IPv4 addresses or CIDR ranges	ip4:192.168.0.1 ip4:10.0.0.0/24	0
ip6	Authorizes IPv6 addresses or ranges	ip6:2001:db8::1	0
a	Authorizes IPs in your domain's A records	a or a:example.com	1 per domain
mx	Authorizes IPs in your domain's MX records	mx or mx:example.com	1 per domain
include	Delegates authorization to another domain's SPF policy	include:_spf.google.com	1 per include
exists	Passes if an A record exists for the specified domain	exists:%{i}.example.com	1
redirect	Replaces your entire SPF policy with another domain's policy	redirect=example.com	1
ptr	Checks reverse DNS hostname (deprecated, RFC 7208)	ptr	1 per PTR
all	Catch-all for non-matching sources (always last)	-all ~all ?all	0

SPF Qualifiers and Policy Enforcement

SPF qualifiers control what happens when a sending source matches (or doesn't match) a mechanism in your record.

Qualifier	Name	What It Means
+	Pass	Explicitly authorized (default, rarely written)
-	Fail (Hard Fail)	Reject the email outright
~	Soft Fail	Accept, but mark as suspicious.
?	Neutral	No policy (same as no SPF record)

SPF Alone Won’t Stop Spoofing!

Your SPF record doesn't protect against spoofing because the email technically passes SPF for attacker.com (not yourcompany.com). You need a proper email authentication setup to improve your inbox rate. At EmailWarmup.com, you can talk to an email deliverability consultant for free and let our team:

Help you with email segmentation, strategy, and audit

Configure SPF, DKIM, and DMARC for your domain

Fix authentication issues, killing your inbox rate

Remove you from email blacklists

Book your time today and make sure your email infrastructure is 100% bulletproof — so your emails land in the inbox instead of spam or promotions.

Frequently asked questions
about our FREE SPF Generator

Here’s everything you need to know about our SPF Generator:

What is an SPF record?

Can I have multiple SPF records for one domain?

What is the SPF 10 DNS lookup limit?

What are examples of common SPF records?

What is an SPF PermError?

How do I check my SPF lookup limit?

How strict should my SPF policy be?