AcuityScan

SPF Record Generator

Build a valid SPF record. Pick your email providers, add custom IPs, choose your policy, and get a copy-paste DNS record with lookup count validation.

35+ providersLookup counterCopy-paste readySyntax validated

What you get

Here's an example SPF record generated for a company using Google Workspace and Mailchimp.

Example SPF Record

v=spf1 include:_spf.google.com include:servers.mcsv.net ~all

DNS lookups: 2/10 — Host: @ — Type: TXT

2/10
DNS Lookups Used
2
Providers Included
Valid
Syntax Check

How it works

Provider Library

Choose from 18 pre-configured email providers — Google Workspace, Microsoft 365, Mailchimp, SendGrid, Amazon SES, Zoho, and more. Each provider's correct SPF include mechanism is built in.

DNS Lookup Counter

SPF records are limited to 10 DNS lookups. Each 'include' and 'redirect' mechanism counts as one lookup. The generator tracks your total and warns you before you exceed the limit.

Policy Selection

Choose between Soft Fail (~all, recommended for most), Hard Fail (-all, strict rejection), or Neutral (?all, not recommended). The tool explains what each policy does in plain English.

Custom IP Support

Add your own IP addresses or CIDR ranges for servers that send email on your behalf but aren't covered by a known provider. These are added as ip4: or ip6: mechanisms.

Syntax Validation

The generated record is validated for correct SPF syntax — proper v=spf1 prefix, valid mechanisms, correct policy terminator, and no duplicate includes.

Copy-Paste Ready

Get the exact TXT record value to paste into your DNS provider. No guessing about formatting — the record is ready to add as-is to your domain's DNS zone.

Common questions

What is SPF?
SPF (Sender Policy Framework) is a DNS record that tells receiving mail servers which IP addresses and servers are authorized to send email on behalf of your domain. Without SPF, anyone can send email pretending to be from your domain.
What's the 10 DNS lookup limit?
The SPF specification (RFC 7208) limits SPF records to 10 DNS lookups. Each 'include', 'a', 'mx', 'redirect', and 'exists' mechanism counts as one lookup. Exceeding 10 causes a PermError, which means your SPF record is effectively broken and all email fails SPF checks.
Should I use Soft Fail or Hard Fail?
Soft Fail (~all) is recommended for most domains. It tells receivers that unauthorized senders should be treated with suspicion but not outright rejected. Hard Fail (-all) tells receivers to reject unauthorized email entirely — this is stricter but can cause issues if you have senders you forgot to include.
Can I have multiple SPF records?
No. A domain must have exactly one SPF TXT record. If you have two, both are invalid per the spec. If you already have an SPF record, you need to merge the new includes into your existing record rather than creating a second one.
Where do I add the SPF record?
Add it as a TXT record at the root of your domain (@ or blank host) in your DNS provider's dashboard (Cloudflare, GoDaddy, Namecheap, Route 53, etc.). The value is the entire string starting with v=spf1.
Do I need an account?
No account needed. For ongoing monitoring, white-label reports, and the full Site+ Scan covering 350+ checks, see our Pro and Agency plans.

Related tools

DMARC GeneratorDMARC AnalyzerDNS LookupEmail Deliverability

Want the full picture?

The checks email deliverability plus 7 other categories — DNS, SSL, performance, SEO, accessibility, privacy, and mobile.

Run