SPF Record Creator
Build a valid SPF DNS record by adding your sending sources — mail servers, IPs, and third-party services — then choose a policy and copy the TXT record.
v=spf1 ~all your-domain.com with the value above. Name/Host: @ (or blank). TTL: 3600. Only one SPF record is allowed per domain.
Disclaimer: Free tool provided “as is” by MonitorGiant. No warranty or liability for any data loss, security issues, or infrastructure problems arising from use of this tool. Results are for informational purposes only. · A Free Tool by MonitorGiant
How SPF Record Creator works
SPF (Sender Policy Framework) lets you publish a DNS record listing every server authorised to send email on behalf of your domain. Receiving mail servers check this list and can reject or flag emails from unlisted sources.
- 1
Enter your domain
The domain you want to protect — the same one your email is sent from (e.g. example.com). This is used in the DNS setup instructions at the bottom.
- 2
Add your sending sources
Use "include:" for third-party email services like Google Workspace or SendGrid. Use "ip4:" or "ip6:" for your own mail server IPs. Use "mx" to authorise your domain's MX servers automatically.
- 3
Use Quick Add presets
One-click buttons for the most common email providers. These insert the official SPF include record from that provider's documentation.
- 4
Choose a policy
SoftFail (~all) is recommended when you're first deploying SPF — messages from unlisted senders are marked but not rejected, giving you time to find any missed senders. Switch to Fail (-all) once you're confident.
- 5
Copy the record to your DNS zone
Add a TXT record at the root of your domain (@ or blank) with the generated value. Propagation usually takes under an hour. Remember: only one SPF record is allowed per domain.
The SPF record is assembled entirely in your browser using JavaScript string construction. No data is sent to MonitorGiant or any third party. Domain names you enter are not transmitted anywhere.
If you're asking how to create an SPF record for Gmail, Outlook, or another mail provider, the answer is a DNS TXT record that lists every server authorised to send email from your domain. Without one, receiving mail servers have no way to verify your messages are legitimate — leading to spam folder placement or outright rejection. This tool builds the correct SPF syntax: add your provider presets, set your policy (SoftFail ~all for safe rollout, Fail -all once confident), and paste the TXT value straight into your DNS zone.
Frequently asked questions — SPF Record Creator
What is an SPF record and do I need one?
An SPF (Sender Policy Framework) record is a DNS TXT record that lists all mail servers and services authorised to send email on behalf of your domain. Without one, receiving mail servers have no way to verify that emails claiming to be from your domain are legitimate — making your domain vulnerable to spoofing and causing deliverability problems. Every domain that sends email should have an SPF record.
How do I add an SPF record to my domain?
Generate your SPF record using this tool, then log in to your DNS provider (Cloudflare, GoDaddy, Route 53, Namecheap, etc.) and add a TXT record at the root of your domain (usually represented as @ or left blank). Paste the generated string as the record value. Changes typically propagate within 5–30 minutes. You can verify the record is live using our DNS / DKIM Inspector.
What's the difference between -all and ~all in an SPF record?
-all (Fail) instructs receiving servers to reject emails from any sender not listed in your SPF record — the strictest option. ~all (SoftFail) marks emails from unlisted senders as suspicious but does not reject them. Start with ~all when first deploying SPF so you can identify any legitimate sending sources you may have missed, then switch to -all once you're confident your record is complete.
Can I have multiple SPF records for one domain?
No — the SPF standard (RFC 7208) requires exactly one SPF TXT record per domain. Having two SPF records causes authentication to fail entirely. If you need to authorise multiple services, combine them into a single record using multiple include: mechanisms: v=spf1 include:_spf.google.com include:sendgrid.net ~all. The 10 DNS lookup limit per SPF evaluation also applies — keep your include count low.
Why is my email still going to spam after adding an SPF record?
SPF alone is not sufficient for strong deliverability. You also need DKIM (a cryptographic signature on every email) and DMARC (a policy that tells receivers how to handle SPF/DKIM failures). Without all three, some providers — particularly Gmail, Microsoft 365, and Yahoo — will still apply spam filtering. Use the DNS / DKIM Inspector to verify all three are correctly configured.
What is the SPF 10 DNS lookup limit?
The SPF specification limits the total number of DNS lookups triggered by a single SPF evaluation to 10. Each include:, a, mx, redirect, and exists mechanism that requires a DNS lookup counts against this limit. If you exceed 10 lookups, the SPF check results in a "permerror" and the email may be rejected. Use SPF flattening tools or consolidate your sending services to stay under the limit.
Comments & Feedback
Found a bug? Have a suggestion? We'd love to hear from you.
Related Tools
From the makers of this tool
Need deeper observability?
MonitorGiant tracks real-time AI performance, infrastructure health, and system reliability — far beyond what free utilities can show.