Ultra Web Hosting

SPF Record Generator

Generate a valid SPF record for your domain. Select your email providers, add custom IPs, and get a ready-to-paste DNS TXT record.

SPF Record Generator

Build a valid SPF record for your domain. Select your email providers, add any custom sending IPs, choose your enforcement policy, and copy the generated TXT record to add to your DNS.

Build Your SPF Record
Your Domain
This is for reference only — the SPF record itself does not contain your domain name.
Authorized Email Providers
Select all services that send email on behalf of your domain.
Domain-Based Authorization
Authorize servers based on your domain's existing DNS records.
Custom IP Addresses
Add specific IPv4 or IPv6 addresses or ranges (CIDR notation). One per line.
Custom Includes
Add additional include domains not listed above. One per line.
Enforcement Policy
What should receiving servers do with email from unauthorized senders?
Generated SPF Record
v=spf1 ~all
click to copy
Record Type
TXT
Host / Name
@ (or leave blank — your domain root)
DNS Lookups
0 of 10
Record Length
14 characters
Validate an Existing SPF Record Generate DKIM Record Generate DMARC Record

About This Tool

Building an SPF record by hand means memorizing the syntax for includes, ip4 ranges, mechanisms, and qualifiers. This generator does it for you. Select your email providers from a list, add any custom sending IPs, choose your enforcement policy, and the tool assembles a valid SPF TXT record in real time. It also counts DNS lookups against the 10-lookup limit defined by RFC 7208 and warns you if you are approaching it. The generated record is ready to copy and paste into your DNS provider.

How to Use

Check the boxes for each email service that sends mail on behalf of your domain (Google Workspace, Microsoft 365, SendGrid, Mailchimp, etc.). Enable the MX or A mechanisms if your web server or mail server should be authorized. Add any custom IP addresses or additional include domains. Choose your enforcement policy: ~all (soft fail) is a safe starting point, -all (hard fail) is recommended once you have confirmed all senders. The record updates live as you make changes — click it to copy.

Tips & Best Practices

Start with ~all (soft fail) while you audit your senders, then switch to -all (hard fail) once everything is verified. Keep an eye on the DNS lookup counter — every include, a, mx, and redirect counts as one lookup, and the total across all levels of recursion must not exceed 10. If you are over the limit, replace includes with explicit ip4 entries (called "flattening"), though you will need to update them manually if the provider changes their IPs.

Related Tools

SPF Record Lookup → DKIM Record Generator → DMARC Record Generator → DNS Health Report →

Need reliable hosting? These free tools are brought to you by Ultra Web Hosting. Fast, secure shared and reseller hosting with 24/7 expert support. View hosting plans →

© 2026 Ultra Web Hosting. All rights reserved.

All Tools Website Status Checker WHOIS Lookup Hosting Plans