Setting Up SPF Records
SPF (Sender Policy Framework) helps prevent unauthorized individuals from sending emails on your domain’s behalf by specifying which hosts are authorized to send email from your domain.
SPF records are published as TXT records in your DNS zone. The record contains a list of IP addresses and/or hostnames that are permitted to send email from your domain.
Note
SPF is one of three key email authentication protocols. For comprehensive email security, you should also set up DKIM and DMARC. Together, these protocols help protect your domain from spoofing and improve email deliverability.
Warning
As of August 11th, 2025, SPF records defined using the dedicated SPF RR (Resource Record type 99) are no longer supported by major email providers and DNS services. All SPF records must now be defined using the TXT record type. This documentation reflects the current recommended practices for SPF record management using TXT records. For more information, see the official announcement.
Steps to set up SPF
Set up an SPF record
- Use the account switcher at the top right corner of the page to select the appropriate account.
- From the list, click the domain where you want to set up SPF.
- On the domain page, click at the top-right to open the .
- In the , click , and select TXT as the record type.
-
Enter the SPF record information:
-
Name field: Leave this blank or enter
@to create the record at the root of your domain (e.g.,yourdomain.com). This is the standard location for SPF records. -
Content field: Enter your SPF record. SPF records must start with
v=spf1. A basic SPF record might look like this:
v=spf1 include:_spf.google.com ~allOr for a domain that sends email from its own mail server:
v=spf1 ip4:192.0.2.1 ~all -
Warning
A domain should have only one SPF record. If you already have an SPF record, modify the existing record rather than creating a new one. Multiple SPF records can cause email delivery issues.
Common SPF record examples
Google Workspace:
v=spf1 include:_spf.google.com ~all
Note
For complete setup instructions, see Google Workspace Service.
Microsoft 365:
v=spf1 include:spf.protection.outlook.com ~all
Note
For complete setup instructions, see Microsoft 365 Service.
SendGrid:
v=spf1 include:sendgrid.net ~all
Postmark:
v=spf1 include:spf.mtasv.net ~all
Multiple providers:
v=spf1 include:_spf.google.com include:spf.mtasv.net ~all
Domain’s own mail server plus providers:
v=spf1 ip4:192.0.2.1 include:_spf.google.com ~all
Note
For general guidance on using third-party email services with DNSimple, see Email Hosting Support.
Understanding SPF mechanisms
SPF records use various mechanisms to specify authorized senders. This is a brief overview of the most commonly used mechanisms:
-
include:- Include the SPF record from another domain (commonly used for email service providers). -
ip4:- Authorize a specific IPv4 address or range. -
ip6:- Authorize a specific IPv6 address or range. -
a- Authorize the domain’s A record. -
mx- Authorize the domain’s MX records. -
~all- Soft fail for all other senders (recommended for gradual deployment). -
-all- Hard fail for all other senders (strict policy). -
?all- Neutral for all other senders (testing mode).
Note
This is a brief overview. For a comprehensive breakdown of SPF record format, all available mechanisms and modifiers, their specific syntax, and important validation rules (including the 10-DNS-lookup limit), see SPF Record Syntax and Validation Reference.
Managing SPF records
SPF records are added as TXT records. To update or remove them, follow the instructions in the Record Editor guide.
Note
A domain should have only one SPF record. If you need to authorize multiple email providers, combine them using multiple include: mechanisms in a single SPF record.
Verifying your SPF record
After setting up your SPF record, verify it is working correctly. For step-by-step instructions, see Verifying SPF with dig and Online Tools.
Troubleshooting
If you are experiencing issues with your SPF record, contact support for help diagnosing and resolving common problems.
Technical details
The specification for the Sender Policy Framework is primarily defined in RFC 7208, which supersedes RFC 4408.
Related topics
Email authentication
- What Is an SPF Record? - Introduction to SPF records
- SPF Record Syntax and Validation Reference - Complete reference guide for SPF syntax
- Verifying SPF with dig and Online Tools - How to verify your SPF record
- Setting Up DKIM - Set up DKIM authentication
- Setting Up DMARC - Set up DMARC policy
Email service integration
- Google Workspace Service - Set up Google Workspace with DNSimple
- Microsoft 365 Service - Set up Microsoft 365 with DNSimple
- Email Hosting Support - Options for third-party email hosting
- Setting Up MX Records for Email Hosting - Configure MX records for email hosting
DNS management
- How to Use the Record Editor - Guide to managing DNS records
- What Is a TXT Record? - Understanding TXT records
Have more questions?
If you have additional questions or need any assistance with your SPF records, just contact support, and we’ll be happy to help.