How to Create and Publish an SPF Record from Scratch

SPF record creation
  1. Identify Email Senders
    To begin, identify all sources that send emails on behalf of your domain. This includes not only dedicated IP addresses but also third-party email service providers that you rely on for sending emails. For example, here’s an SPF record:

v=spf1 ip4:192.168.1.1 include:spf.google.com ~all

2. Create the SPF Record

SPF Version: Start with v=spf1, which signifies it’s an SPF record. This will always be v=spf1 since other versions are no longer supported.

  • Authorized IPs: Add the IP addresses that are allowed to send emails on behalf of your domain.Example: v=spf1 ip4:60.103.100.201 ip6:1001:db8:85a3:8d3:1319:8a2e:370:5647
  • Third-party Sources: Use the ” include” tag to list any third parties that send emails on your behalf.
    Example: v=spf1 ip4:60.103.100.201 ip6:1001:db8:85a3:8d3:1319:8a2e:370:5647 include:spf.google.com
  • End with “all”: The all tag specifies how strict the policy is when an unauthorized server tries to send an email.
      • -all: Fail emails from unauthorized servers are rejected.
      • ~all: Soft fail, emails are accepted but marked (recommended).
      • +all: Accept all (not recommended).
      • ?all: Neutral, no policy is applied to unauthorized senders, and the receiving server is free to make its own decision (not recommended).

Example: v=spf1 ip4:60.103.100.201 ip6:1001:db8:85a3:8d3:1319:8a2e:370:5647 include:spf.google.com ~all

For Inactive or Parked Domains
For domains that don’t send email, it’s recommended to create an SPF record that prevents misuse:
v=spf1 -all

For verification, you can use our free SPF Record Checker tool to check your SPF records and make sure that the record are valid and have no issues.

How to Publish an SPF Record in The DNS

To make the process easier, you can start by using our SPF Record Generator to create your SPF record, ensuring it’s free from any syntax errors. Once you’ve generated and confirmed that it’s a valid SPF record, the next step is to publish it in your DNS.  For example, let’s say the generated SPF record is: “v=spf1 include:_spf.google.com ~all“.
Here’s how to add it:

  • Copy the SPF record.
  • Access your DNS settings.
  • Create a new TXT record.
  • In the Host/Name field, enter either @ or your domain name (depending on your DNS provider).
  • In the Content/Value field, paste the SPF record.
  • Save the record.

Each domain or subdomain can have only one SPF record. If you send emails from multiple sources, all of them should be combined into a single SPF record. For example:
v=spf1 include:_spf.google.com ip4:10.0.0.1/20 mx a ~all

Share This Post

More To Explore

Blog

What is an SPF Record ?

An SPF (Sender Policy Framework) record is like a list that tells email servers which IP addresses are allowed to send emails on behalf of