How to set up SPF correctly
SPF (Sender Policy Framework) is a DNS record that lists the servers authorized to send email from your domain. Setting it up correctly is one of the most important steps in preventing your domain from being used for spam and phishing.
How SPF works
When a receiving mail server gets an email from user@yourdomain.com, it checks the DNS record for yourdomain.com and looks for a TXT record that starts with v=spf1. This record tells the server which IP addresses or hostnames are allowed to send email on behalf of your domain.
A basic SPF record
If you only send email through Google Workspace, your SPF record would look like this:
v=spf1 include:_spf.google.com ~all
The ~all at the end means "soft fail" — emails from unlisted servers are marked as suspicious but not rejected. Using -all (hard fail) is stricter and recommended once you are confident your record is complete.
Adding multiple providers
If you also send through Mailchimp and your own server, you would combine them:
v=spf1 include:_spf.google.com include:servers.mcsv.net ip4:203.0.113.10 -all
Common SPF mistakes
- Too many DNS lookups — SPF allows a maximum of 10 DNS-querying mechanisms (include, a, mx, etc.). Exceeding this causes failures. Learn how to fix this →
- Missing providers — Any service that sends email on your behalf (marketing tools, CRMs, support platforms) must be in your SPF record.
- Multiple SPF records — You must have exactly one SPF record per domain. Having two causes authentication failures.
How to add an SPF record
- Log in to your DNS provider (Cloudflare, cPanel, Namecheap, etc.)
- Add a new TXT record
- Set the Name to
@(or leave it blank — represents the root domain) - Set the Value to your SPF record
- Save — changes typically take 15–60 minutes to propagate
Check if your SPF record is valid and see how many lookups it uses.
Check my domain — free