SPF Record Generator
Build a valid SPF record — with a live check against the 10-lookup limit.
Your SPF record
Add this as a TXT record on yourdomain.com (the root):
Verify after publishing
What is an SPF record?
SPF (Sender Policy Framework) is a TXT record that lists which mail servers are allowed to send email for your domain. Receivers check it to help decide whether incoming mail is genuine. A correct SPF record is the foundation of email deliverability and anti-spoofing — and it's a prerequisite for DMARC.
The 10-lookup limit
SPF allows a maximum of 10 DNS lookups when a receiver evaluates your record. Every include, a, mx, ptr, exists and redirect counts. Exceed 10 and SPF returns a PermError — effectively failing. ip4 and ip6 entries cost nothing, so prefer them where you can. This generator counts your lookups live.
~all vs -all
~all (soft fail) marks unauthorized mail as suspicious but still accepts it — the safe default while you're getting set up. -all (hard fail) tells receivers to reject unauthorized mail outright — use it once you're confident every legitimate sender is listed.
Frequently asked questions
No. A domain must have exactly one SPF (v=spf1) TXT record. Multiple SPF records cause a PermError. Merge everything into a single record.
Replace some includes with their published ip4/ip6 ranges (SPF flattening), remove senders you no longer use, or consolidate providers. ip4/ip6 entries don't count toward the limit.
No — SPF only checks the envelope sender and breaks on forwarding. Pair it with DKIM and a DMARC policy for real protection. Use our DMARC generator next.