How to add or update an SPF record

An SPF (Sender Policy Framework) record specifies which mail servers are allowed to send emails on behalf of your domain. It is configured as a TXT record in your domain’s DNS settings.

Adding or updating an SPF record ensures that mailbox providers can verify whether a sending server is authorized to send emails from your domain. This helps protect your domain from spoofing and improves email deliverability.

Step 1: Identify all services that send email for your domain

Before creating or updating your SPF record, list all platforms that send emails using your domain.

Common examples include:

• Google Workspace
• Microsoft 365
• Email marketing platforms
• Transactional email services
• CRM or automation tools

Every sending service must be included in your SPF record. If a service is missing, emails sent through that service may fail SPF authentication.

Step 2: Create or update the SPF record

An SPF record must be created as a TXT record in your domain’s DNS settings.

All SPF records start with:

v=spf1

This indicates that the record uses SPF version 1.

You can then add mechanisms that define which servers are allowed to send emails.

Example SPF record:

v=spf1 include:_spf.google.com include:spf.protection.outlook.com -all

Explanation:

v=spf1
Defines the SPF version.

include
Allows the specified service to send emails on behalf of your domain.

-all
Indicates that servers not listed in the record are not authorized to send emails.

Step 3: Add the SPF record to your DNS

Log in to your DNS provider (for example Cloudflare, GoDaddy, Namecheap, etc.) and add or edit the TXT record for your domain.

Typical configuration:

Host / Name
@

Type
TXT

Value
v=spf1 include:_spf.google.com include:spf.protection.outlook.com -all

Save the record after adding or updating it.

Step 4: Ensure only one SPF record exists

A domain should have only one SPF record.

If multiple SPF records exist, SPF validation will fail. Instead of creating multiple records, combine all sending services into a single SPF record.

Example:

Correct configuration

v=spf1 include:_spf.google.com include:spf.protection.outlook.com include:mailgun.org -all

Incorrect configuration

Multiple separate SPF TXT records.

Step 5: Wait for DNS propagation

After updating the SPF record, DNS changes may take time to propagate across the internet.

Propagation typically takes a few minutes to several hours, but in some cases it may take up to 24 hours.

Common SPF update issues

Multiple SPF records
Only one SPF record should exist for a domain.

Too many DNS lookups
SPF allows a maximum of 10 DNS lookups. Exceeding this limit can cause SPF checks to fail.

Missing sending services
If a sending service is not included in the SPF record, emails sent through that service may fail authentication.

Incorrect syntax
Formatting errors in the TXT record can prevent SPF validation.

Help center