FREE TOOL
Create valid SPF records for your domain to protect against email spoofing and improve deliverability with our automated generator.
CONFIGURE RECORD
Add IPv4 or IPv6 addresses that are authorized to send email from your domain
Include SPF records from email services like Google Workspace, Mailchimp, etc.
Include your domain's A or MX records as authorized senders
Define how to handle emails from unauthorized servers
Messages from unauthorized servers will be marked as suspicious but not rejected
Learn about SPF record components, best practices, and why automated generation helps prevent common configuration errors.
IP addresses (ip4: and ip6:)
Authorize specific IPv4 or IPv6 addresses to send email from your domain.
Include mechanisms (include:)
Reference other domains' SPF records, useful for third-party email services.
A and MX mechanisms
Authorize servers listed in your domain's A or MX DNS records.
Policy qualifier (all mechanism)
Defines how to handle emails from unauthorized sources: ~all (soft fail), -all (hard fail), or ?all (neutral).
Creating SPF records manually is error-prone and complex. Common mistakes include exceeding the 10 DNS lookup limit, using deprecated mechanisms, or incorrect syntax that breaks email authentication entirely.
Our generator automatically validates your configuration, ensures proper formatting, and follows SPF best practices. This prevents deliverability issues and protects your domain from spoofing attacks while maintaining compliance with email authentication standards.
Use our free SPF Generator tool. Simply list your authorized IP addresses, include any third-party email services (like Google or Outlook), and choose your policy. The tool will automatically generate the correct TXT record for you.
You should include all IP addresses and mail servers that send email on behalf of your domain. This includes your own web servers, office IP addresses, and any third-party services like marketing platforms (Mailchimp, HubSpot) or helpdesk software.
No, a domain must have only one SPF record. If you have multiple sources, you must combine them into a single TXT record. Our generator helps you do this correctly.
~all (Soft Fail) tells receivers to accept unauthorized emails but mark them as suspicious. -all (Hard Fail) tells receivers to reject unauthorized emails completely. We recommend starting with ~all to avoid delivery issues.
InboxKit automatically generates and manages SPF records for all your domains
