SPF Record Generator

Free SPF record generator. Pick your email providers and IPs, choose a policy, and copy a valid SPF TXT record — with a live 10-lookup-limit counter.

What this generator does

This tool builds a valid SPF record from the email providers you send through plus any of your own IPs, and gives you the TXT record to publish at your domain apex. SPF lists who is authorized to send mail for your domain; receiving servers check the connecting IP against it.

Watch the 10-lookup limit

SPF has a hard limit of 10 DNS lookups. Every include: (and a, mx, exists) counts, and nested includes count too. Exceed it and SPF returns PermError and stops working entirely. This generator shows a live lookup counter so you don't blow the limit.

FAQ

Where do I publish the SPF record?

As a single TXT record at your domain apex (host @). Never publish two v=spf1 records on the same name — that's a permanent error that breaks SPF.

Should I use ~all or -all?

~all (softfail) is the safe default — failing mail is marked suspicious but not rejected. Move to -all (hardfail) once you're confident every legitimate sender is included.

What if I have more than 10 lookups?

Reduce include: entries, or use "SPF flattening" — replacing includes with the literal ip4:/ip6: ranges they resolve to. The counter here warns you before you exceed the limit.

Does SPF alone stop spoofing?

No. SPF breaks on forwarding and only checks the envelope sender. Pair it with DKIM and a DMARC policy for real protection.

How do I check it worked?

After publishing, use the SPF check. See the SPF glossary entry for mechanism detail.

Background reading

See the DNS Records Explained guide, plus DKIM and DMARC.