In this category
DNS Settings for Email SPF Records
Tags
DNS SPF Kurulum Rehberi
Other languages
Türkçe
Intermediate 3 min read 7 views Updated May 17, 2026

How to Set Up an SPF Record for Your Domain (Step-by-Step)

An SPF record tells receiving mail servers which servers are allowed to send email for your domain. Learn how to create and publish your SPF record to improve deliverability and stop spoofing.

Contents
  1. Why SPF Records Matter
  2. How SPF Works
  3. Step 1: Find Your Sending Mail Servers
  4. Step 2: Build Your SPF Record
  5. Step 3: Publish the SPF Record in DNS
  6. Step 4: Verify Your SPF Record
  7. Common SPF Mistakes to Avoid

An SPF (Sender Policy Framework) record is a DNS TXT record that specifies which mail servers are authorized to send email on behalf of your domain. Without it, your emails are more likely to land in spam — or be rejected entirely.

Why SPF Records Matter

  • Prevents spammers from forging your domain in the From header
  • Improves email deliverability to major providers (Gmail, Outlook, Yahoo)
  • Required for DMARC policies to work correctly
  • Reduces the chance your legitimate emails land in spam folders

How SPF Works

When a receiving mail server gets an email claiming to be from @yourdomain.com, it looks up the SPF record for yourdomain.com in DNS. If the sending server's IP is listed in the SPF record, the email passes. If not, it may be marked as spam or rejected.

Step 1: Find Your Sending Mail Servers

Before creating your SPF record, list every server that sends email for your domain:

  • Your web hosting server (if it sends transactional emails)
  • Google Workspace / Microsoft 365
  • Marketing tools (Mailchimp, SendGrid, Brevo, etc.)
  • CRM or helpdesk platforms (HubSpot, Zendesk, etc.)

Step 2: Build Your SPF Record

SPF records follow a specific syntax. Here are common examples:

Google Workspace Only

v=spf1 include:_spf.google.com ~all

Microsoft 365 Only

v=spf1 include:spf.protection.outlook.com ~all

cPanel Hosting + Google Workspace

v=spf1 include:_spf.google.com include:yourhostingprovider.com ~all

Multiple Services

v=spf1 include:_spf.google.com include:spf.protection.outlook.com include:servers.mcsv.net ~all

Understanding the ~all vs -all Qualifier

  • ~all (softfail) — Emails from unlisted servers are accepted but marked as suspicious. Recommended to start.
  • -all (hardfail) — Emails from unlisted servers are rejected outright. Use only after confirming all legitimate senders are included.
  • ?all (neutral) — No policy applied. Not recommended.

Step 3: Publish the SPF Record in DNS

  1. Log into your domain registrar or DNS provider (Cloudflare, GoDaddy, Namecheap, cPanel, etc.)
  2. Navigate to DNS Management or Zone Editor
  3. Add a new TXT record:
    • Host/Name: @ (represents your root domain)
    • Type: TXT
    • Value: Your SPF record (e.g. v=spf1 include:_spf.google.com ~all)
    • TTL: 3600 (1 hour) or default
  4. Save the record

Important: You can only have ONE SPF record per domain. If you already have one, edit it — don't add a second one.

Step 4: Verify Your SPF Record

After saving, wait 10–60 minutes for DNS propagation, then verify:

  • mxtoolbox.com/spf.aspx — Enter your domain to see if the SPF record is correctly published
  • Google Admin Toolbox (toolbox.googleapps.com/apps/checkmx) — Check email deliverability for Google Workspace

Common SPF Mistakes to Avoid

  • Having more than one SPF TXT record (only the first one is used)
  • Exceeding 10 DNS lookups (each include: counts as one lookup)
  • Forgetting to include your web server if it sends emails
  • Using -all before verifying all senders are included
A
Administrator
Updated May 17, 2026

Related Articles

How to Set Up a DMARC Record — Complete Guide with Examples
DMARC protects your domain from phishing and spoofing by telling receiving servers what to do when SPF and DKIM fail. Learn how to create, publish, and gradually enforce your DMARC policy.
Intermediate 4 min read 13 May 18
MX Records Explained: How Email Routing Works
Understand what MX records are, how they route email to the right server, and how to configure them correctly for your domain.
Beginner 2 min read 8 May 17
How to Set Up DKIM for Your Domain (Step-by-Step Guide)
DKIM stops email spoofing and dramatically improves deliverability. This guide explains what DKIM is, how it works, and how to enable it for Google Workspace, Microsoft 365, and cPanel hosting.
Intermediate 4 min read 8 May 17
DMARC Configuration Guide: Protect Your Domain from Phishing
Set up a DMARC policy to control what happens to emails that fail SPF and DKIM checks. Essential protection against spoofing and phishing.
Intermediate 2 min read 7 May 17
On this page