Skip to main content
CheckTown
Generators

SPF Generator: Authorize Email Senders

Published 5 min read
In this article

What Is SPF?

SPF (Sender Policy Framework) is an email authentication method that specifies which mail servers are authorized to send email on behalf of your domain. It is published as a DNS TXT record and checked by receiving mail servers to verify that incoming messages come from approved sources.

Without an SPF record, anyone can send email claiming to be from your domain. SPF gives domain owners a way to declare which IP addresses and services are legitimate senders, helping receivers identify and filter forged messages.

How SPF Records Work

An SPF record is a single DNS TXT record starting with v=spf1 followed by mechanisms that define authorized senders. The receiving server evaluates these mechanisms left to right and applies the result qualifier (pass, fail, softfail, or neutral).

  • Mechanisms — include: (reference another domain's SPF), ip4:/ip6: (allow specific IPs), a (allow domain's A record), mx (allow domain's mail servers), all (catch-all)
  • Qualifiers — + (pass, default), - (fail/reject), ~ (softfail, accept but mark), ? (neutral). The all mechanism at the end usually uses -all (hard fail) or ~all (soft fail)
  • DNS lookup limit — SPF evaluation has a maximum of 10 DNS lookups. Each include:, a, mx, ptr, and redirect counts as one lookup; exceeding this limit causes a permanent error

Try it free — no signup required

Generate Your SPF Record →

When To Configure SPF

Every domain with email service needs a properly configured SPF record to ensure reliable delivery and prevent abuse.

  • Email deliverability — without SPF, your messages are more likely to land in spam folders because receivers cannot verify your sending authorization
  • Multi-service setups — modern businesses use multiple email services (Google Workspace, SendGrid, Mailchimp); SPF consolidates all authorized senders into one record
  • Anti-spam compliance — major email providers require SPF as part of their bulk sender requirements; Google and Yahoo mandate SPF for senders with 5,000+ daily messages

Frequently Asked Questions

What happens if my SPF record exceeds 10 DNS lookups?

If the SPF evaluation requires more than 10 DNS lookups, it results in a permanent error (permerror), and many receivers treat this as an SPF failure. To fix this, flatten your SPF record by replacing include: references with their resolved IP addresses, or use an SPF flattening service that automatically maintains the IPs.

Should I use -all or ~all at the end of my SPF record?

Use ~all (softfail) when first setting up SPF, which marks unauthorized messages but does not reject them. Once you have confirmed that all legitimate senders are included, switch to -all (hard fail) to instruct receivers to reject unauthorized messages. Combined with DMARC, even ~all provides strong protection.

Can I have multiple SPF records for one domain?

No. The SPF specification requires exactly one SPF TXT record per domain. Multiple SPF records cause a permanent error, and receivers may ignore all of them. If you need to authorize multiple services, combine them into a single record using multiple include: mechanisms (up to the 10-lookup limit).

Related Tools

DMARC Generator: Protect Your Email DomainGenerate a DMARC DNS record to prevent email spoofing and improve deliverability.Read article → How to Generate Perfect Meta Tags for SEOCreate optimized meta tags, Open Graph, and Twitter Cards with live previews.Read article → robots.txt Generator: Control Search Engine Crawling for Your SiteLearn robots.txt syntax, create rules for search engines and AI crawlers, and avoid common SEO mistakes.Read article →
Back to Blog