SPF Generator

Create SPF records with our free SPF generator

Sender Policy Framework (SPF) helps prevent spoofing and preserve email deliverability. Take advantage of ZeroBounce’s SPF generator below to create an SPF record for email authentication.

SPF form fields

Does domain send mail?

Do MX records send mail?

Approve all hosts with domain name? (PTR) (Not recommended)

Are there other servers that send mail for this domain?

SPF Record

SPF Record using Bind

SPF Record using TinyDNS

What is an SPF record?

SPF is an email authentication record that lists approved hostnames, domains and IP addresses for a given domain. The record can also contain a set range of IPs, allowing anyone within that range to send from the domain.

The receiving server checks for an SPF record whenever an approved user sends an email. If it finds one, and the sender’s IP address is on the list, it passes the check and is more likely to land inside the inbox. Content factors will still play a role in determining whether or not you reach the inbox or the spam folder.

When the SPF record does not contain the address, the receiving server follows the instructions in the DMARC record if one is present. The message can end up in the spam folder or the email service can reject it entirely.

This simultaneously protects both your domain and the recipient. It becomes more difficult for spammers to abuse your domain, while the recipient can reliably receive legitimate emails from your team.

Why domains require SPF record protection

To protect your brand’s email deliverability and reputation, you must know which addresses are sending messages on your behalf.

Using our SPF generator, you can create a list of approved hostnames, domains, and IP addresses that may utilize your domain name. This will help prevent spoofing.

Without this protection, you’re vulnerable to spoofers looking to exploit vulnerabilities in your network. Hackers often spoof domains to support phishing attacks which seize sensitive data from customers and leads. They can easily create “from” addresses that appear legitimate but issue harmful content to recipients.

These attacks give way to spam and abuse reports against your domain. This damages your reputation among your email list and email service providers (ESPs). The consequences range from bounce rate increases to blacklistings.

Creating a record using the SPF generator

ZeroBounce can help you prevent spoofing by creating your own records for email authentication. Follow these steps to generate your SPF record in just a few minutes.

  1. Enter your domain name in the field provided. This is what follows the @ symbol in a given address.

  2. For “Does the domain send mail,” switch the toggle to yes or no.

    You should create an SPF record for all your domains even if you are not using them to send messages. Spammers often target these and use them in phishing scams.

    Adding an SPF record to these domains can alert ESPs of illegitimate email activity.
  3. Though we generally associate MX records with inbound mail, the hosts they name may also act as an active outbound mail server.

    If your MX record deals with outbound mail, switch this toggle to yes. This will update your DNS with information about the IPs we will use to initiate the outbound email connections.
  4. The next toggle refers to the PTR mechanism. PTR stands for “pointer,” as in DNS pointer record.

    Typically, servers verify emails using an A record to identify the sender’s IP address. If your IP matches one on the SPF record, you pass.

    PTR is the inverse of the normal process. It will use the IP address to find the associated email domain. Switching the toggle to yes allows you to utilize PTR instead of the standard procedure.

    PTR is generally far slower. The validation process may time out, leading to more undelivered emails. Therefore, we do not recommend using PTR.
  5. The next toggle allows you to determine if there are additional email servers you wish to add to this record.

    Switching the toggle to “Yes” opens five additional fields. In these you can include:

    A records
    IPv4 addresses
    IPv6 addresses

    Note: If you need to add additional records, click the green + symbol to the right of the respective field.
  6. Finally, select the action you want to occur if a sender fails your new SPF check.

    Fail tells the service to reject the email.

    Soft fail allows the service to deliver the email. However, the message is more likely to go to the spam folder.

    Neutral will not define the failed IP address. Instead, you can defer to the mechanisms within your DMARC record (if one exists) to determine a pass or fail.

After inputting your choices, your newly-generated SPF record appears below. There are three options available for use which we will now further define.
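The six steps above, worked through as an added example (this is not ZeroBounce's code): it turns one set of form choices into the plain, BIND and TinyDNS outputs. The mapping of each toggle to an SPF mechanism (`a`, `mx`, `ptr`, `a:`, `ip4:`, `ip6:`), the function names and the 3600-second TTL are assumptions; the record syntax follows RFC 7208.

```python
import ipaddress

# Step 6 choices mapped to the SPF "all" qualifier.
POLICY = {"fail": "-all", "softfail": "~all", "neutral": "?all"}

def _net(tag, cls, value):
    net = cls(value, strict=False)            # ValueError on a malformed address
    single = net.prefixlen == net.max_prefixlen
    return f"{tag}:{net.network_address if single else net}"

def build_spf(sends_mail, mx_sends, use_ptr, a_hosts=(), ip4=(), ip6=(), policy="fail"):
    """Return the SPF TXT value for one set of form choices."""
    terms = ["v=spf1"]
    if sends_mail:
        terms.append("a")                     # assumed mapping for step 2
    if mx_sends:
        terms.append("mx")                    # step 3
    if use_ptr:
        terms.append("ptr")                   # step 4, not recommended
    terms += [f"a:{h.rstrip('.').lower()}" for h in a_hosts]
    terms += [_net("ip4", ipaddress.IPv4Network, n) for n in ip4]
    terms += [_net("ip6", ipaddress.IPv6Network, n) for n in ip6]
    # RFC 7208 allows at most 10 DNS-querying terms per evaluation.
    lookups = sum(t.split(":")[0] in ("a", "mx", "ptr") for t in terms)
    if lookups > 10:
        raise ValueError(f"{lookups} DNS-lookup terms exceed the SPF limit of 10")
    return " ".join(terms + [POLICY[policy]])

def generate(domain, **choices):
    """Return the record in the three output formats the form offers."""
    spf = build_spf(**choices)
    # BIND: one TXT character-string holds at most 255 bytes, so split long values.
    chunks = [spf[i:i + 255] for i in range(0, len(spf), 255)]
    bind = f'{domain}. IN TXT "' + '" "'.join(chunks) + '"'
    # tinydns-data: ':' separates fields, so colons in the text become octal \072.
    tiny = "'" + domain + ":" + spf.replace(":", r"\072") + ":3600"
    return {"spf": spf, "bind": bind, "tinydns": tiny}

if __name__ == "__main__":
    # Constructed sample input using documentation-reserved names and ranges.
    for line in generate("example.com", sends_mail=True, mx_sends=True, use_ptr=False,
                         a_hosts=["mail.example.net"], ip4=["192.0.2.0/24"],
                         ip6=["2001:db8::1"], policy="softfail").values():
        print(line)
```

A domain that sends no mail at all reduces to `v=spf1 -all`, which is the record step 2 recommends publishing for unused domains.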

Three Types of Available Records

SPF Record

Create a text file using the code and create a new SPF record within your domain DNS records. The process can vary slightly depending on your provider. SPF is the standard you can use in most scenarios.

SPF record using BIND

Use this code if your email server utilizes BIND (Berkeley Internet Name Domain) DNS. BIND is the most common free DNS server. It offers DNSSEC (Domain Name System Security Extensions) and IPv6 support and continues to receive updates. Most platforms and tools will provide BIND documentation to assist you in maintaining your records and security.

SPF record using TinyDNS

TinyDNS, sometimes called djbdns, is a free, lightweight alternative to BIND, built with security in mind. However, TinyDNS generally does not play as well with other tools, making it unsuitable for novices. If your administrator prefers the TinyDNS format, copy this code and add it to your TXT record.

SPF record using DMARC and DKIM

Taking advantage of our free SPF generator is a vital first step. Your new SPF record will assist with email authentication and deter many would-be spammers.

However, it can further protect your email deliverability when you use it alongside additional sophisticated email security features such as DMARC (Domain-Based Message Authentication, Reporting, and Conformance) and DKIM (DomainKeys Identified Mail).

The reason is the limitations of SPF records. To better explain this, let’s look at how the process works.

An email message contains two addresses. One is the return path, which the receiving server cross-references with the SPF record. If the server finds the address within the SPF record, it approves the check and delivers the message to the inbox. However, this return address is not visible to the recipient; the recipient sees the other one, the “from” address.

This allows spammers to spoof the invisible return address while presenting a legitimate domain name in the email’s “from” section. They can achieve this by exploiting loopholes in your listed IP range or seizing outdated addresses on your domain that are no longer in use.

Using your SPF record with DKIM and DMARC security records adds a necessary security layer to prevent spoofing. This mode of email authentication will help protect your domain from unauthorized users if your SPF record check fails.

These three records work together to create a highly-personalized email signature for everyone that utilizes your email domain.
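The gap described above, shown from the receiving side as an added example (not part of the original page): it reads the SPF result and envelope domain from a message's `Authentication-Results` header and compares that domain with the visible From domain. The sample message is constructed, the function names are hypothetical, and only strict (exact-match) alignment is checked, because relaxed DMARC alignment needs a public-suffix list.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: SPF passes for the envelope sender, but the visible
# From header names a different domain.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none
From: "Example Billing" <billing@example.com>
Subject: Invoice

body
"""

def _domain(value):
    """Domain part of an address, or the value itself if it is already a domain."""
    return value.strip("<> ").rpartition("@")[2].lower()

def spf_alignment(raw):
    msg = message_from_string(raw)
    from_dom = _domain(parseaddr(msg.get("From", ""))[1])
    results = msg.get("Authentication-Results", "")
    spf = re.search(r"\bspf=(\w+)", results)
    spf_result = spf.group(1).lower() if spf else "none"
    # Prefer the domain the receiver actually evaluated; fall back to Return-Path.
    env = re.search(r"smtp\.mailfrom=([^\s;]+)", results)
    env_dom = _domain(env.group(1) if env else msg.get("Return-Path", ""))
    aligned = bool(env_dom) and env_dom == from_dom   # strict alignment only
    if spf_result != "pass":
        verdict = f"spf-{spf_result}"
    else:
        verdict = "spf-pass-aligned" if aligned else "spf-pass-unaligned"
    return {"from": from_dom, "envelope": env_dom, "spf": spf_result, "verdict": verdict}

if __name__ == "__main__":
    print(spf_alignment(SAMPLE))
```

A `spf-pass-unaligned` verdict is the case SPF alone cannot catch and the one a DMARC policy on the From domain is designed to handle.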

Frequently asked questions about SPF records

If you have one, you can find your SPF record among your DNS records for your email domain. This record is a TXT file that can exist as A-record, MX-record, IPV4, or IPV6. You can use a free tool online to look up any existing SPF records for your domain.

If you require further assistance, contact your domain provider to determine if you have an SPF record among your DNS records.

Yes. An SPF record is one line of defense against would-be attackers and spoofing. Without its protection, anyone can send emails from your domain. If these messages are harmful or spam, users will report you and damage your email reputation. Continuous reporting will land you on one or more blacklists.

An SPF generator allows anyone to create an SPF record for your domain easily. You’ll need to list your domain and any other IP addresses you allow to use your domain. Then, you can add it to your DNS records to protect yourself from outside threats.

While an SPF record is valuable, it should only be one part of your email security. The reason is that attackers can easily circumvent SPF protection when you use it in isolation.

SPF protection only examines the return path, not the from address. The former is what SPF checks while the latter is what the recipient sees. If a spammer can exploit a loophole, they can quickly create an email that looks legitimate.

You’ll need to protect your domain with an SPF record using DMARC and DKIM together.

Domain SPF (Sender Policy Framework) is a file designating approved senders for your specific email domain. It helps prevent spammers from hijacking your domain and pretending to be someone from your network.

With an SPF record, you can list several hostnames or IP addresses that may send emails on your behalf. This process helps approve team members or role-based email addresses using the same company domain.