Product Email Outreach Deliverability & Warmup Unibox & CRM Lead Finder Email Infrastructure Email Finder & Verification Solutions Lead Gen Agencies SaaS Founders Sales Teams Recruiters Resources Blog Help Center Free Tools API Docs Why us Pricing Sign in Start free
Free ToolsSPF Record Generator

SPF Record Generator

Build a correct, copy-ready SPF record from the providers you actually send through — no syntax to memorize, no risk of the dreaded multiple-record error.

Email Authentication

SPF Record Generator

Select the services that send email for your domain, choose a policy, and we'll assemble one valid, copy-ready SPF record — no syntax to memorize.

1 · Who sends mail for you?


2 · Custom senders (optional)


3 · Policy for everyone else

Start with ~all while you confirm every sender is included, then tighten to -all.

Your SPF record

v=spf1 ~all

Add this as a TXT record on your root domain (host @). Only one SPF record is allowed per domain.

Rather skip DNS entirely? MailOptimal ships pre-warmed mailboxes with SPF, DKIM and DMARC already configured — ready to send on day one.

Get inbox-ready mailboxes
How it works

Generate a valid SPF record in three steps

1

Pick your senders

Select every service that sends mail for you — Google, Microsoft, SendGrid, Mailgun and more.

2

Choose a policy

Decide how strict to be on unauthorized senders: soft fail (~all) or hard fail (-all).

3

Copy your record

Paste the generated TXT record into your DNS, exactly as shown. One record, no guesswork.

Keep going

More free tools

Browse all free tools
FAQ

Common questions

Where do I add the SPF record?
In your DNS provider, add a TXT record on your root domain (the host is usually @) with the generated value. Changes can take up to an hour to propagate.
Why only one SPF record?
A domain can publish only one v=spf1 record. This generator merges every sender into a single record so you stay compliant.
What if my provider isn't listed?
Add it as a custom include: or ip4: mechanism. Check your provider's docs for the exact include domain they require.
Should I use -all or ~all?
Start with ~all (soft fail) while you confirm every sender is covered, then tighten to -all (hard fail) for maximum protection.
Or skip DNS entirely

Let Outboundry handle authentication

Generating the record is the easy part — Outboundry provisions mailboxes with SPF, DKIM and DMARC already live, pre-warmed and ready to send. No DNS edits, no waiting on propagation.

No credit card · 14-day free trial · Join 10,000+ teams