Add include mechanisms for your email providers. Each adds 1 DNS lookup.
IP Addresses
▾
Authorize specific IP addresses or ranges. Does NOT count toward DNS lookups.
Enter single IP or CIDR notation (e.g., 192.168.1.0/24)
Custom Include
▾
Add custom include mechanisms. Each adds 1 DNS lookup.
include:
A & MX Records
▾
Authorize servers based on your domain's A or MX records. Each adds 1 DNS lookup.
Fail Policy (All Qualifier)
▾
What should happen to emails from unauthorized senders?
SPF Validation Results
Checking...
Grade
A
Score
100/100
Validated Record
Parsed Components
Issues
Warnings
Information
Recommendations
What This Means
This is a validation result, not a DNS lookup. The SPF record above has been checked for correct syntax and compliance with email authentication standards. If valid, this record is ready to be added to your domain's DNS settings.
Understanding SPF Records
An SPF (Sender Policy Framework) record is a DNS TXT record that you publish on your domain's nameserver. It tells receiving mail servers which IP addresses and services are authorized to send email on behalf of your domain. Without an SPF record, emails from your domain may be marked as spam or rejected entirely.
How to Add This Record to Your Domain
Log in to your domain registrar or DNS host — This is where you purchased your domain (e.g., GoDaddy, Namecheap, Cloudflare, Google Domains, AWS Route 53).
Navigate to DNS Management — Look for "DNS Settings," "DNS Records," "Zone Editor," or "Manage DNS" in your control panel.
Add a new TXT record with these settings:
Type: TXT
Host/Name: @ (or leave blank for root domain)
Value: Paste the validated SPF record from above
TTL: 3600 (or 1 hour, or use default)
Save your changes — DNS propagation typically takes 5-30 minutes, but can take up to 48 hours globally.
Verify your record is live — Use the SPF Analyzer to confirm your record is published correctly.
Important: You can only have one SPF record per domain. If your domain already has an SPF record, you'll need to merge the mechanisms (include:, ip4:, etc.) into a single record rather than creating a second one.
Check your current record — Use the "Lookup Domain" tab above. Enter your domain (e.g., yourbusiness.com) to see if you already have an SPF record.
Build your SPF record — Click "Build SPF" and select your email provider(s). Don't know which one? See the guide below.
Copy your new record — Click the copy button next to your generated SPF record.
Add it to your DNS — Log into where you bought your domain (GoDaddy, Namecheap, Google Domains, etc.) and add a TXT record.
Verify it works — Wait 5-10 minutes, then use "Lookup Domain" again to confirm your record is live.
Which Email Provider Do I Use?
Not sure which email service to add? Here's how to tell:
Google Workspace / Gmail
You log into mail.google.com or Gmail app for your business email. Your email might end in @gmail.com or your custom domain through Google.
Microsoft 365 / Outlook
You log into outlook.com or use the Outlook app. Common if your business uses Microsoft Office products.
Email Marketing Tools
If you send newsletters or marketing emails, add those too: Mailchimp, SendGrid, Constant Contact, HubSpot, etc.
Still not sure?
Check your email settings or ask whoever set up your email. You can also look at a recent email you sent — the "from" address domain is what you need to protect.
Understanding the Builder Options
DNS Lookups: 0/10
SPF has a limit of 10 "lookups" (checking other servers). Each email provider you add uses 1 lookup. If you exceed 10, your SPF record will break. Most small businesses use 2-4 lookups.
Fail Policy: ~all vs -all
~all (Soft Fail) — Recommended for beginners. Emails from unauthorized servers get marked as suspicious but still delivered. Safer while you're getting set up. -all (Hard Fail) — Strict mode. Emails from unauthorized servers are rejected entirely. Use this once you're confident your SPF is complete.
IP Addresses
Only needed if you have your own email server or a specific server that sends emails. Most small businesses using Gmail/Outlook don't need to add IPs.
A & MX Records
Advanced options. Check "mx" if your website hosting also sends emails. Most users can skip this section.
Where Do I Add My SPF Record?
After building your SPF record, you need to add it to your domain's DNS settings. This is usually where you bought your domain:
GoDaddy: My Products → DNS → Add Record → TXT
Namecheap: Domain List → Manage → Advanced DNS → Add New Record
Google Domains: My Domains → DNS → Custom Records
Cloudflare: Select Domain → DNS → Add Record
Squarespace: Settings → Domains → DNS Settings
When adding the record:
• Type: TXT
• Host/Name: @ (or leave blank)
• Value: Paste your SPF record (starts with v=spf1)
• TTL: 3600 (or "1 hour" or leave as default)
Build SPF Records the Right Way
SPF (Sender Policy Framework) records protect your domain from email spoofing by specifying which servers are allowed to send email on behalf of your domain. This tool helps you build SPF records correctly with a visual builder, validates syntax before you publish, and provides actionable recommendations based on best practices.
Related Tools
Lookup Domain Data at Scale
DNS Explorer — Run bulk DKIM, SPF, and DMARC lookups across thousands of domains. Built for security teams, MSPs, and IT administrators who need to audit email authentication configurations across their entire domain portfolio.
