How to setup an SPF record?
Create a DNS TXT record at your root domain with format: v=spf1 include:_spf.google.com ~all
Detailed Answer
SPF (Sender Policy Framework) setup requires adding a DNS TXT record that lists authorized mail servers.
Step-by-step setup:
- Identify your email senders List all services sending email on your behalf:
- Email provider (Google Workspace, Microsoft 365, etc.)
- Marketing platforms (Mailchimp, SendGrid, etc.)
- Transactional email services (Postmark, AWS SES, etc.)
- Build your SPF record
Format:
v=spf1 [mechanisms] [qualifier]all
Example for Google Workspace:
v=spf1 include:_spf.google.com ~all
Example for multiple senders:
v=spf1 include:_spf.google.com include:sendgrid.net ip4:203.0.113.1 ~all
- Add the DNS TXT record
- Log into your DNS provider (Cloudflare, Route 53, etc.)
- Create new TXT record
- Name/Host: @ (root domain)
- Value: Your SPF record string
- TTL: 3600 (1 hour)
- Verify with IntoDNS.ai Scan your domain to verify:
- Record is published correctly
- No syntax errors
- All senders are included
- Under 10 DNS lookup limit
Common mistakes:
- Multiple SPF records (only one allowed)
- Exceeding 10 DNS lookup limit
- Missing include: for third-party senders
- Using -all before testing (use ~all first)
SPF qualifiers:
~all(softfail) - Recommended for testing-all(hardfail) - Strict enforcement after verification+all(pass) - Never use, allows anyone?all(neutral) - No protection
Check your domain now
Use IntoDNS.ai to scan your domain and get instant email insights.
Scan Your DomainRelated Questions
What is SPF, DKIM, and DMARC?
SPF, DKIM, and DMARC are email authentication standards that verify sender identity and prevent email spoofing.
How to setup DMARC?
Add a DNS TXT record at _dmarc.yourdomain.com with policy: v=DMARC1; p=none; rua=mailto:[email protected]
Why do my emails go to spam?
Emails go to spam when missing SPF, DKIM, or DMARC authentication, or when sent from blacklisted servers.