SPF Record Builder
Select every service that sends email from your domain and get a valid SPF TXT record — with lookup count warnings.
Select every service that sends email on behalf of your domain.
Add any additional include mechanism not listed above.
What to do with emails from senders not in your SPF record.
DNS Record Name
yourdomain.com Record Value
0/10 DNS lookupsv=spf1 -all How to publish this record
- Log in to your DNS provider
- Create a new TXT record
- Set the Name/Host to
@(your root domain) - Paste the record value above into the Value/Content field
- Delete any existing SPF records — you can only have one SPF TXT record
- Save and wait up to 48 hours for propagation
Test this SPF record and get a validation report
No spam. Unsubscribe any time.
Validation report sent! Check your inbox.
SPF Common Mistakes
Too many DNS lookups (>10)
SPF is limited to 10 DNS lookups. Each include: counts as one. Exceeding this causes a PermError, which means the entire SPF record is invalid — worse than having no SPF at all.
Multiple SPF records
You can only have ONE SPF TXT record on your root domain. Multiple records cause a PermError. If you need to combine, merge them into a single record.
Using ~all instead of -all
~all (SoftFail) marks unauthorized emails but doesn't reject them. This is fine for testing but leaves the door open for spoofing. Move to -all once you've verified all legitimate senders.
Forgetting third-party senders
Every service that sends email on your behalf (CRM, helpdesk, marketing automation) needs to be included. Missing one means those emails may fail SPF checks.
Related Free Tools
Monitor Your SPF Record 24/7
SPF records break when you add new senders and forget to update them. InboxEagle monitors your SPF, DKIM, and DMARC continuously — alerting you the moment authentication fails.
Start Free 14-Day TrialNo credit card required · Cancel anytime
Not ready yet? See how DMARC Monitoring works →