SPF Record Builder
Select every service that sends email on behalf of your domain. We generate the SPF record and track your DNS lookups.
Select your email services
Check every service that sends email from your domain (marketing emails, transactional emails, internal email, etc.)
Your SPF Record
v=spf1 ~all DNS Record Details
| Type: | TXT |
| Host/Name: | @ |
| Value: | v=spf1 ~all |
How SPF Records Work
SPF (Sender Policy Framework) is one of three essential email authentication protocols, alongside DKIM and DMARC. It works by publishing a list of authorized sending servers in your domain's DNS records.
When a receiving mail server gets an email claiming to be from your domain, it looks up your SPF record and checks whether the sending server's IP address is on the authorized list. If it is, the email passes SPF. If not, the receiving server can flag or reject the email based on your SPF policy.
The most important thing to remember: you can only have one SPF record per domain, and it cannot exceed 10 DNS lookups. This tool tracks both constraints for you.
Frequently Asked Questions
What is an SPF record?
SPF (Sender Policy Framework) is a DNS TXT record that lists which mail servers and services are authorized to send email on behalf of your domain. When a receiving server gets an email from your domain, it checks your SPF record to verify the sending server is authorized.
How many DNS lookups can an SPF record have?
SPF has a hard limit of 10 DNS lookups per record. Each "include" directive counts as one lookup, and nested includes count toward the limit too. If you exceed 10, your SPF record will fail validation entirely. Use this builder to track your lookup count.
What is the difference between ~all and -all?
~all (softfail) tells receiving servers that unauthorized senders should be treated with suspicion but not necessarily rejected. -all (hardfail) tells servers to reject unauthorized senders outright. Most experts recommend ~all because -all can cause legitimate email to be rejected if your SPF record is incomplete.
Can I have multiple SPF records for one domain?
No. Having multiple SPF TXT records for a single domain is invalid and will cause SPF checks to fail. If you need to authorize multiple services, combine them into a single SPF record using multiple include directives.
How do I add an SPF record to Cloudflare?
In Cloudflare, go to DNS > Records > Add Record. Set Type to TXT, Name to @ (or your domain name), and paste your generated SPF record as the Content. TTL can be left on Auto. Save the record and allow up to 48 hours for propagation.