SPFWise
spf

How to Set Up an SPF Record

SPF lists which servers may send mail as your domain. Here is how to build the record correctly, end it with a strong policy, and stay under the lookup limit.

Jul 3, 20264 min read

SPF (Sender Policy Framework) is a single DNS TXT record that lists which servers may send email for your domain. Setting it up takes a few minutes and stops the simplest form of spoofing. Here is how to do it correctly.

Step 1: list your senders

Write down every service that sends mail as your domain: your mailbox provider (Google Workspace, Microsoft 365), plus any marketing, invoicing, helpdesk or CRM tools. Each one publishes an SPF include you will need.

Step 2: build the record

An SPF record starts with v=spf1, lists your senders, and ends with an all mechanism. For a domain sending through Google Workspace and one marketing tool:

v=spf1 include:_spf.google.com include:sendgrid.net -all

  • include: pulls in a provider's authorized servers.
  • -all (hardfail) tells receivers to reject anything not listed. This is the strongest ending and the one to aim for.
  • ~all (softfail) marks unlisted mail as suspicious instead of rejecting. Use it only while testing.

Step 3: publish one record

Add the record as a TXT record on your root domain. Publish exactly one SPF record. Two SPF records is a configuration error that causes a permerror and breaks authentication.

Step 4: watch the ten lookup limit

SPF may trigger at most ten DNS lookups when evaluated. Each include counts, and providers stack up fast. If you cross the limit you get a permerror. See how to fix SPF too many DNS lookups.

Step 5: verify

Publish, wait for DNS to propagate, then scan your domain to confirm the record is valid, within the lookup limit, and ends with a strong all qualifier.

Reads public DNS only. Nothing is stored unless you save the domain to an account.

SPF is only one layer. Pair it with DKIM and DMARC for real protection.

Check your own domain

Run a free scan and get your grade with the exact records to fix.

Scan a domain

Related guides

How to Set Up an SPF Record (with Examples) | SPFWise