SPF Record Generator

You'll see the generated SPF record here once you enter a valid domain.

About this SPF Generator – Fast & wizard-based

Generate a valid SPF TXT record in seconds. Enter your domain, click the Generate SPF button, then fine-tune it with our SPF generator wizard—your record updates live. This tool is online, no sign-up, and completely free.

How to use the Generator

  1. Type a domain you want to create an SPF record for.
  2. Click Generate SPF. We generate SPF TXT record.
  3. Adjust in the configuration by using the wizard below.
  4. Copy the SPF record from the table or download complete SPF setup instructions.
  5. Publish the TXT at your DNS host (find the provider-specifi instructions in the downloaded file).
  6. After publishing, use an SPF checker to verify the record.

What is an SPF record?

SPF (Sender Policy Framework) record is a DNS TXT record that lists the servers and services allowed to send email for your domain. Mail receivers check it during SMTP to spot and block spoofed messages. Use it alongside DKIM and DMARC for full protection and improving deliverability.

SPF wizard – terms and explainations

IPv4 addresses

  • Add one or more IPs that send emails for your domain.
  • Comma or space separated, e.g., 203.0.113.5 203.0.113.0/24

Domains

  • Add one or more services that send emails for your domain.
  • Comma or space separated, e.g., spf.mailprovider.com

Mechanisms

  • Authorize domain A/AAAA a – Allows any IP address returned by your domain’s A/AAAA DNS records to send mail for you. Enable this if those hosts actually send mail.
  • Authorize MX hosts mx – Allows the IPs of the servers named in your MX records (your inbound mail exchangers) to send mail. Enable this if those MX servers also send outbound mail on your behalf

Policy

  • The SPF policy is the final all mechanism that decides what to do when nothing else matches.
    • -all = fail; Reject emails not coming from authorized servers. (Strict, recommended for domains that only send mail from known servers.)
    • ~all = softfail; Mark unauthorized emails as suspicious but still accept them. (Safer for rollout/testing, commonly used.)
    • ?all = neutral; No policy applied. (Not recommended, offers little protection.)
    • +all = pass; Everyone is allowed. (Never use this, makes SPF useless.)

Redirect (optional)

  • Delegate evaluation to another domain’s SPF

SPF best practices & tips

  • One record per domain — Publish a single TXT SPF record per domain/subdomain—never multiple. If you have duplicates, merge them to avoid permerror.
  • Stay under the 10-lookup limit
  • Start soft, then enforce — Begin with ~all while you verify mail flow, then move to +all when you’re confident only authorized senders are covered.
  • Never use +all — it effectively authorizes the entire internet—don’t use it.

FAQ

  • Can I publish more than one SPF record?
    No. Publish one TXT record with all mechanisms combined. Multiple records trigger permerror and can break authentication.
  • Is “SPF” a TXT record or its own record type?
    Use TXT. The legacy SPF type was deprecated; TXT is the standard format supported everywhere.
  • What’s the safe default policy?
    Start with ~all to monitor, then move to -all when you’re confident only authorized sources send mail.
  • What counts toward the 10-lookup limit?
    Lookups from include, a, mx, exists, and redirectcount. ip4, ip6, and all do not.
  • My record is long. Is that OK?
    Yes, if any single quoted string stays under 255 characters. DNS lets you split a TXT value into multiple quoted parts in the same record.
  • Do I still need DKIM and DMARC?
    Yes. SPF alone doesn’t protect message content or alignment; pair with DKIM and publish a DMARC policy for best results.

👉 Simple email sending?

Sending emails can be a hassle. We make it easy and fast. Join us to reliably send transactional and marketing emails in no time. You'll love our simple API and flexible hands-on support.

Get started now