--- title: "AutoSPF Explains: The Definitive Guide to Adding an SPF Record to Cloudflare" description: "Email is one of the most powerful communication tools in the digital age - but with that power comes responsibility." image: "https://autospf.com/og/blog/autospf-definitive-guide-adding-spf-record-cloudflare.png" canonical: "https://autospf.com/blog/autospf-definitive-guide-adding-spf-record-cloudflare/" --- Quick Answer Email is one of the most powerful communication tools in the digital age - but with that power comes responsibility. If you’re running a domain that sends emails - whether transactional messages, newsletters, or internal team emails - you must authenticate those messages correctly. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fautospf.com%2Fblog%2Fautospf-definitive-guide-adding-spf-record-cloudflare%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=AutoSPF%20Explains%3A%20The%20Definitive%20Guide%20to%20Adding%20an%20SPF%20Record%20to%20Cloudflare&url=https%3A%2F%2Fautospf.com%2Fblog%2Fautospf-definitive-guide-adding-spf-record-cloudflare%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fautospf.com%2Fblog%2Fautospf-definitive-guide-adding-spf-record-cloudflare%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fautospf.com%2Fblog%2Fautospf-definitive-guide-adding-spf-record-cloudflare%2F&title=AutoSPF%20Explains%3A%20The%20Definitive%20Guide%20to%20Adding%20an%20SPF%20Record%20to%20Cloudflare "Share on Reddit") [ ](mailto:?subject=AutoSPF%20Explains%3A%20The%20Definitive%20Guide%20to%20Adding%20an%20SPF%20Record%20to%20Cloudflare&body=Check out this article: https%3A%2F%2Fautospf.com%2Fblog%2Fautospf-definitive-guide-adding-spf-record-cloudflare%2F "Share via Email") ![AutoSPF Explains: The Definitive Guide to Adding an SPF Record to Cloudflare](https://media.mailhop.org/autospf/images/2024/05/sender-policy-framework-office-365-4328.jpg) Email is one of the most powerful communication tools in the digital age - but with that power comes responsibility. If you’re running a domain that sends emails - whether transactional messages, newsletters, or internal team emails - you _must_ authenticate those messages correctly. Without proper authentication, your emails risk being tagged as spam, blocked, or outright rejected by receiving servers. _Per [RFC 7208](https://datatracker.ietf.org/doc/html/rfc7208), SPF evaluation is capped at 10 DNS mechanism lookups and 2 void lookups per check - exceeding either limit produces a `PermError` that fails authentication for every message from the domain._ For setup instructions covering Cloudflare and dozens of other platforms, see our [SPF Record Setup Guide](/blog/spf-record-setup-guide-every-platform/). That’s where [SPF](/blog/what-is-spf-email-a-guide-to-sender-validation-technology/) (Sender Policy Framework) comes in. In this detailed guide, I’ll walk you through everything you need to know about SPF - what it is, why it matters, how Cloudflare handles [DNS records](https://www.cloudflare.com/learning/dns/dns-records/), and _exactly_ how to add your SPF record in Cloudflare step by step. We’ll also explore advanced tips and common pitfalls so you get it right the first time. ## What is SPF? SPF stands for Sender Policy Framework - a way for domain owners to publish a list of servers and services that are authorized to send email on their behalf. In technical terms, SPF is a DNS TXT record that defines which [IP addresses](https://us.norton.com/blog/privacy/what-is-an-ip-address) and domains are allowed to send email for your domain. When an incoming mail server receives an email claiming to be from your domain, it performs an SPF check. It fetches the [SPF TXT record](/blog/how-to-create-an-spf-txt-record/) from DNS to verify whether the sending server is authorized. If it is, the check passes; if it’s not - the check fails, and the email may be delivered to spam or rejected entirely. SPF helps combat [email spoofing](https://www.infosecurity-magazine.com/news/infosec2025-email-domains-spoofing/), phishing, and unauthorized use of your domain - all major threats to your reputation and deliverability. It protects both your business and your recipients. ## Why Cloudflare DNS? _Cloudflare is one of the most widely used DNS providers in the world. Its global distributed network improves performance by caching your DNS globally and helps improve security with built-in protections_. Many domain owners use Cloudflare to manage DNS because it’s reliable, fast, and integrates well with other Cloudflare services. Whether you use Cloudflare only for DNS or in combination with other Cloudflare features (like CDN, security, [email routing](https://www.cloudflare.com/learning/email-security/what-is-email-routing/), etc.), the process for adding DNS records - including SPF - follows the same basic pattern. ![spam, blocked](https://media.mailhop.org/autospf/images/2026/01/kitterman-spf-4552.jpg) ## Why SPF Matters Before Anything Else SPF doesn’t just help your emails _get delivered_. It’s part of a trio of standards that work together: - SPF - Verifies that mail is sent from an authorized server. - DKIM - Adds a [cryptographic signature](https://learn.microsoft.com/en-us/dotnet/standard/security/cryptographic-signatures) to outgoing messages so recipients can verify integrity. - DMARC - Instructs receiving servers on how to handle messages that fail SPF and/or DKIM, and optionally sends you reports about failures. Together, these protocols reduce spam, phishing, and spoofed email - and improve your domain reputation across the internet. Before adding SPF, make sure you know all the services that send mails on behalf of your domain, including marketing platforms, [CRM systems](https://www.salesforce.com/in/crm/what-is-crm/crm-systems/), and internal mail servers. ## How SPF Records Work (Conceptually) SPF records live in DNS as TXT records. A typical SPF record might look like: v=spf1 ip4:192.0.2.0/24 include:mailprovider.com \~all Here’s what each part means: - v=spf1 - This declares that it’s an SPF version 1 record. - ip4:192.0.2.0/24 - This authorizes a block of IPs to send mail. - include:mailprovider.com - This includes the SPF rules of a third-party mail service (like a newsletter provider). - \~all - This states a “soft fail” for any sender not listed above - meaning the email _might be marked suspicious_. You can also use -all for a stricter “hard fail.” With Cloudflare, SPF records must be created as TXT records in your DNS settings. ![unauthorized use of your domain](https://media.mailhop.org/autospf/images/2026/01/spf-record-checker-2114.jpg) ## Step-by-Step: Adding an SPF Record in Cloudflare Follow these steps to securely publish your SPF record in Cloudflare: ### Step 1: Log In to Cloudflare Head to and log in with your Cloudflare credentials. ### Step 2: Select Your Domain From your list of domains, click the one you want to configure. ### Step 3: Go to DNS Settings In the left-hand sidebar, click DNS. This brings you to your DNS records dashboard. ### Step 4: Add a New DNS Record Click Add record. In the new record form: - Type: Choose TXT - Name: Enter @ (this represents your root domain) - Content: Paste your SPF rule - TTL: Keep it at Auto unless you have a specific reason to change it A basic SPF entry might look like: ``` v=spf1 include:thirdpartyservice.com ~all ``` Make sure you include all authorized senders (your servers, your newsletter platform, your CRM, etc.). Then click Save. Partial Important: A domain should have only one SPF record. Having multiple records can cause authentication failures. If you need to authorize multiple senders, combine them into a single record using includes and IP mechanisms. ## What Are Best Practices for When Authorizing Multiple Sources? Many domains send mail through more than one system - for example: - Internal mail servers - Email marketing tools - CRM or support platforms - Third-party vendors If all are sending on behalf of your domain, _don’t create multiple SPF records_ \- combine them. For example: ``` v=spf1 ip4:192.0.2.0 include:mailchimp.com include:zohomail.com ~all ``` Each include: supports one vendor. Too many includes or mechanisms can hit DNS lookup limits, so plan carefully. ## Validating Your SPF Record After adding your record, you should validate it: ### Wait for DNS to Propagate It may take a few minutes to a couple of hours for DNS changes to travel across the web. ### Use an SPF Lookup Tool Use tools like: - SPF Validators - DNS TXT Lookups - Email authentication checkers These tools confirm that your record is visible and syntactically correct. ## Common Errors & How to Fix Them ### Multiple SPF Records Cloudflare, like all DNS systems, only supports _one_ SPF TXT record per domain. If you accidentally create more than one, some [mail servers](https://whatismyipaddress.com/mail-server#google%5Fvignette) will reject your messages outright. Cloudflare Docs ### Too Many DNS Lookups SPF records that include too many third-party services can exceed the DNS lookup limit (10 includes). If you hit this ceiling, email authentication can fail even if the record is technically present. ### Missing Includes If you forget to include a vendor’s SPF, their mail may fail SPF checks and land in spam. ### Wrong Record Type Sometimes domain owners try to use SPF as the record type - but SPF must be published as a TXT record. Cloudflare doesn’t support the legacy SPF record type. ## Strengthen Email Security with DKIM and DMARC Once SPF is live, don’t stop there. ### DKIM DKIM attaches a cryptographic signature to messages so that receivers can verify the message _wasn’t altered_ in transit. It uses additional DNS TXT or [CNAME records](https://support.dnsimple.com/articles/cname-record/) and requires support from your mail service. ### DMARC _DMARC allows you to tell receiving servers how to handle emails that fail SPF and/or DKIM - and optionally collect reports about failures_. DMARC is usually added as a TXT record at \_dmarc.yourdomain.com. Together, SPF, DKIM, and DMARC form the foundation of strong email authentication and are critical for deliverability and brand protection. ## Tools to Simplify SPF Management Managing SPF records manually can be tedious, especially if you use many mail services. Tools like [AutoSPF](/) (that’s me!), EasyDMARC, PowerDMARC, and others can help you: - Generate SPF records - Validate syntax - Aggregate includes - Monitor DNS issues These tools help ensure your SPF remains healthy as your [email ecosystem](https://cybersecuritynews.com/microsoft-strengthens-outlook/) evolves. ## Final Tips Yes Always maintain a single SPF record per domain. Yes Include _all_ authorized sending sources. Yes Test after publishing. Yes Review periodically when you add or remove services. Yes Supplement with DKIM and DMARC for full protection. ## Topics [ DKIM ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ email security ](/tags/email-security/)[ SPF ](/tags/spf/)[ SPF record ](/tags/spf-record/) ![Brad Slavin](https://media.mailhop.org/autospf/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead for AutoSPF's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Ready to get started? Try AutoSPF free — no credit card required. [ Book a Demo ](/book-a-demo/) ## Related Articles [ Intermediate 3m 3 points to consider before setting your SPF record to -all (HardFail) May 22, 2025 ](/blog/3-points-to-consider-before-setting-your-spf-record-hardfail/)[ Intermediate 5m Are Your SPF and DKIM Identifiers Aligned? Jul 18, 2024 ](/blog/are-your-spf-and-dkim-identifiers-aligned/)[ Intermediate 6m Automated Solutions for Preventing Email Spoofing May 7, 2026 ](/blog/automated-solutions-for-preventing-email-spoofing/)[ Intermediate 9m Avoiding the common SPF and DKIM mistakes in 2026 Feb 19, 2026 ](/blog/avoiding-the-common-spf-and-dkim-mistakes-in-2026/) ```json {"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138897474","https://www.linkedin.com/company/autospf","https://x.com/autospf01","https://www.g2.com/products/autospf/reviews"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://autospf.com/contact-us/"},"knowsAbout":["SPF Record Flattening","Sender Policy Framework","Email Authentication","DNS Management","DMARC","DKIM"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"AutoSPF","url":"https://autospf.com","description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","publisher":{"@type":"Organization","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"AutoSPF Explains: The Definitive Guide to Adding an SPF Record to Cloudflare","description":"Email is one of the most powerful communication tools in the digital age - but with that power comes responsibility.","url":"https://autospf.com/blog/autospf-definitive-guide-adding-spf-record-cloudflare/","datePublished":"2026-01-07T18:07:06.000Z","dateModified":"2026-04-18T02:36:41.000Z","dateCreated":"2026-01-07T18:07:06.000Z","author":{"@type":"Person","@id":"https://autospf.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://autospf.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind AutoSPF, DMARC Report, Phish Protection, and Mailhop. He founded DuoCircle in 2014 to solve the SPF 10-DNS-lookup problem at scale and has led the company's growth to 2,000+ customers. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement) rather than hands-on DNS engineering.","image":"https://media.mailhop.org/autospf/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"AutoSPF","url":"https://autospf.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138897474","https://www.linkedin.com/company/autospf","https://x.com/autospf01","https://www.g2.com/products/autospf/reviews"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://autospf.com/contact-us/"},"knowsAbout":["SPF Record Flattening","Sender Policy Framework","Email Authentication","DNS Management","DMARC","DKIM"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://autospf.com/blog/autospf-definitive-guide-adding-spf-record-cloudflare/"},"articleSection":"intermediate","keywords":"DKIM, DMARC, email security, SPF, SPF record","wordCount":1296,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/autospf/images/2024/05/sender-policy-framework-office-365-4328.jpg","caption":"AutoSPF Explains: The Definitive Guide to Adding an SPF Record to Cloudflare","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://autospf.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://autospf.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://autospf.com/intermediate/"},{"@type":"ListItem","position":4,"name":"AutoSPF Explains: The Definitive Guide to Adding an SPF Record to Cloudflare","item":"https://autospf.com/blog/autospf-definitive-guide-adding-spf-record-cloudflare/"}]} ```