--- title: "Google Updates SPF Records: What Domain Owners Need to Fix in 2026 | AutoSPF" description: "Google" image: "https://autospf.com/og/blog/google-updates-spf-records-required-fixes-for-domain-owners-2026.png" canonical: "https://autospf.com/blog/google-updates-spf-records-required-fixes-for-domain-owners-2026/" --- Quick Answer Google's bulk sender requirements (announced October 2023, enforced from February 2024) require any domain sending 5,000+ messages per day to Gmail addresses to authenticate with both SPF and DKIM, publish a DMARC record of at least p=none, keep spam complaints below 0.3%, and use one-click unsubscribe on marketing mail. Non-compliant senders are routed to spam or rejected outright. Google Updates SPF Records: What Domain Owners Need to Fix in 2026 Your browser does not support the audio element. [ Download episode](/audio/google-updates-spf-records-required-fixes-for-domain-owners-2026.mp3) Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fautospf.com%2Fblog%2Fgoogle-updates-spf-records-required-fixes-for-domain-owners-2026%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Google%20Updates%20SPF%20Records%3A%20What%20Domain%20Owners%20Need%20to%20Fix%20in%202026&url=https%3A%2F%2Fautospf.com%2Fblog%2Fgoogle-updates-spf-records-required-fixes-for-domain-owners-2026%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fautospf.com%2Fblog%2Fgoogle-updates-spf-records-required-fixes-for-domain-owners-2026%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fautospf.com%2Fblog%2Fgoogle-updates-spf-records-required-fixes-for-domain-owners-2026%2F&title=Google%20Updates%20SPF%20Records%3A%20What%20Domain%20Owners%20Need%20to%20Fix%20in%202026 "Share on Reddit") [ ](mailto:?subject=Google%20Updates%20SPF%20Records%3A%20What%20Domain%20Owners%20Need%20to%20Fix%20in%202026&body=Check out this article: https%3A%2F%2Fautospf.com%2Fblog%2Fgoogle-updates-spf-records-required-fixes-for-domain-owners-2026%2F "Share via Email") ![SPF Records](https://media.mailhop.org/autospf/images/2025/12/spf-record-8765.jpg) **Google’s bulk sender requirements - announced October 2023 and enforced from February 2024 - require any domain sending 5,000 or more messages per day to Gmail addresses to authenticate with both SPF and DKIM, publish a DMARC record of at least `p=none`, keep spam complaint rates below 0.3%, and include a one-click unsubscribe header on marketing mail.** These rules apply to every domain in the `From` header, not just the sending infrastructure’s domain, and Google now rejects or routes to spam any message from a non-compliant bulk sender. _Per [RFC 7208](https://datatracker.ietf.org/doc/html/rfc7208), SPF evaluation is capped at 10 DNS mechanism lookups and 2 void lookups per check - exceeding either limit produces a `PermError` that fails authentication for every message from the domain._ According to [Google’s official bulk sender announcement](https://blog.google/products/gmail/gmail-security-authentication-spam-protection/), the change was driven by the fact that ML-based spam filters already block nearly 15 billion unwanted messages per day, but unauthenticated bulk mail was still slipping through. The authentication requirement closes that gap by making SPF, DKIM, and DMARC hard prerequisites rather than recommendations. Yahoo adopted the same requirements on the same timeline. This guide covers exactly what SPF changes Google Workspace customers need to make for 2026, how to audit whether your domain is currently compliant, how to fix a PermError from exceeding the 10-DNS-lookup limit (the single most common blocker), and how to stage DMARC from `p=none` to `p=quarantine` to `p=reject` without breaking legitimate mail. ## What Is SPF and Google Workspace Email Authentication? SPF is short for Sender Policy Framework, which is a DNS-based email authentication protocol that tells the receiving server if a sender is officially authorized to send emails from your domain. It works by listing trusted sending services inside a [TXT record](https://www.digicert.com/faq/dns/what-is-a-txt-record) in your DNS. When someone receives an email from your domain, their mail server checks this record to verify whether the sending server is allowed to act on your behalf. Google Workspace makes things easier by publishing its own managed SPF record under ‘\_spf.google.com.’ So, instead of manually adding all of Google’s [mail server](https://www.activecampaign.com/glossary/mail-server) addresses, you just point to this ‘include’ value\_. Google takes care of updating the addresses behind it, so you don’t have to worry about keeping it current.\_ If your domain sends email only through Google Workspace, Google suggests using this straightforward SPF record: ``` v=spf1 include:_spf.google.com ~all ``` _This basically tells receiving mail servers, “Google is the only authorized sender for this domain. Anything else should be questioned or blocked.”_ Please note that if you also use other services to send email, you need to add them to your SPF record too. ## What’s the new change for the Google SPF record ![SPF record](https://media.mailhop.org/autospf/images/2025/12/spf-records-5971.jpg) When you look inside Google’s \_spf.google.com SPF reference, you’ll see that it isn’t just one line; it actually points to other internal SPF records managed by Google. Earlier, this included three [sub-records](https://www.google.com/search?q=sub-records&sca%5Fesv=8dfe9edb86176f37&biw=1600&bih=821&sxsrf=AE3TifMo89LGF9BoQgjANdjn36fxyoOVpA%3A1764846483833&ei=k2sxadXFMsyb4-EPmqjK2AU&ved=0ahUKEwiV24G-5aORAxXMzTgGHRqUElsQ4dUDCBE&uact=5&oq=sub-records&gs%5Flp=Egxnd3Mtd2l6LXNlcnAiC3N1Yi1yZWNvcmRzMgQQABgeMgQQABgeMgYQABgKGB4yBhAAGAoYHjIGEAAYCBgeMgYQABgIGB4yBhAAGAgYHjIGEAAYCBgeMgYQABgIGB4yBhAAGAgYHkjAA1AAWABwAHgBkAEAmAHNAqABzQKqAQMzLTG4AQPIAQD4AQL4AQGYAgGgAt4CmAMAkgcDMy0xoAetBbIHAzMtMbgH3gLCBwMzLTHIBww&sclient=gws-wiz-serp): - \_netblocks.google.com - \_netblocks2.google.com - \_netblocks3.google.com _These contained Google’s IP ranges for sending email. Recently, Google silently removed \_netblocks3.google.com from the chain._ This simply means that the removed sub-record no longer holds active sending addresses. In simple terms, Google cleaned up its [SPF](/blog/what-is-spf-email-a-guide-to-sender-validation-technology/) structure. Here’s how it looked earlier: ``` v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all ``` Here’s what it looks like now- ``` v=spf1 include:_netblocks.google.com include:_netblocks2.google.com ~all ``` ## Who is affected by the new change for the Google SPF record Most Google Workspace users don’t need to worry about this change. _They simply use the recommended ‘include:\_spf.google.com’ entry, and Google keeps everything updated behind the scenes._ If your SPF record follows this format, it will continue to work as expected. That is why Google hasn’t made any loud announcements about it. ![Google Workspace ](https://media.mailhop.org/autospf/images/2025/12/spf-record-check-3901.jpg) But if you manually copied [Google’s internal structure](https://www.linkedin.com/pulse/what-googles-org-structure-tells-us-design-scale-on-the-mark-inc--7qyyc), your SPF record might be invalid or include an unnecessary reference. It might not break email right away, but it makes the SPF setup messy and harder to maintain. Removing outdated references keeps your SPF cleaner, accurate, and ready for any future updates Google makes. ## How to check if your domain is affected Run your current SPF record through AutoSPF’s SPF lookup tool. The tool will show your SPF record and everything in it, including whether \_netblocks3.google.com or other outdated Google entries are still there. If you notice separate [Google netblocks](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/netblock%5Fip%5Franges) listed along with \_spf.google.com, it’s a sign your record needs cleaning. Our tool also highlights issues like extra lookups or broken includes, so you can quickly see what needs fixing. This simple check helps you understand whether your SPF setup matches Google’s latest structure. ![Finger touching phone with wifi x](https://media.mailhop.org/autospf/images/2025/12/finger-touching-phone-with-wifi-1024x683.jpg) ## How to fix it Fixing this issue is straightforward once you know what to look for. - Check your SPF record and identify how Google is referenced. - _If your record only has ‘include:\_spf.google.com,’ you don’t need to make any changes. Google manages updates for you._ - If you see individual netblocks entries such as \_netblocks.google.com, \_netblocks2.google.com, or \_netblocks3.google.com, remove them. - Replace all of them with a single include pointing to ‘\_spf.google.com,’ which keeps your configuration clean and automatically updated by Google. - If you believe you need detailed control, then at least remove \_netblocks3.google.com, because it is no longer used. However, ideally, avoid splitting them at all. Keeping your SPF record simple reduces errors, improves maintenance, and ensures future Google updates are applied without manual intervention. ## What Are Best Practices for SPF records? ![Email Authentication](https://media.mailhop.org/autospf/images/2025/12/spf-validator-1197.jpg) To keep your [email authentication](/blog/role-relevance-of-dns-spf-records-for-email-authentication/) setup clean and reliable, it helps to follow a few simple habits: - Use only vendor-issued ‘include’ entries Always rely on official SPF ‘include’ values published by providers like Google or Microsoft. They update these automatically, so you don’t have to track changing IP ranges or maintain the record manually. - Avoid manually expanding SPF entries _Don’t copy or rewrite internal SPF references. Hard-coding details makes your record messy and increases the risk of errors when the provider updates their configuration._ - Audit your SPF record regularly Check your SPF setup every few months to spot outdated entries, duplicated references, or broken includes. A quick review helps prevent alignment issues or deliverability problems. ![phishing attempts](https://media.mailhop.org/autospf/images/2025/12/spf-records-5697.jpg) - Pair SPF with DKIM and DMARC SPF alone isn’t enough. Combine it with [DKIM](/blog/how-dkim-works-a-comprehensive-guide-to-email-authentication/) and [DMARC](https://dmarcreport.com/) so receiving servers can verify messages correctly and block [phishing attempts](https://www.utilitydive.com/news/utilities-on-high-alert-as-phishing-attempts-cyber-probing-spike-related-t/573698/) using your domain. - Use Monitoring or Reporting Tools Tools like SPF lookup, DMARC analyzers, or [email security](/) dashboards help you monitor changes and detect configuration issues early, making maintenance easier. ![email security](https://media.mailhop.org/autospf/images/2025/12/spf-record-3970-1.jpg) ## Final words Google’s SPF update may look small, but it points to a bigger problem. Outdated or heavily customized records can weaken your [email protection](https://www.cynet.com/malware/email-protection-threats-solution-categories-and-best-practices/) without you noticing. Most domains that follow Google’s guidance are safe, but those with old netblocks or copied entries may face alignment issues. This is a good reminder to check your [DNS setup](https://developers.cloudflare.com/dns/zone-setups/) from time to time. A clean SPF record is easier to manage and stays accurate when your email provider makes changes. If you have not reviewed your SPF record recently, now is a great time to do it. Use the [AutoSPF SPF checker tool](/free-spf-checker/) to see if your record has old or extra entries. If something is incorrect, update it or reach out to your [email provider](https://www.icontact.com/define/email-service-provider/) for help. A little cleanup today can prevent delivery problems and security risks later. ## Topics [ DKIM ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ SPF ](/tags/spf/)[ SPF record ](/tags/spf-record/) ![Vasile Diaconu](https://media.mailhop.org/autospf/images/authors/vasile-diaconu.jpg) [ Vasile Diaconu ](/authors/vasile-diaconu/) Operations Lead Operations Lead at DuoCircle. Runs project management, developer coordination, and technical support execution for AutoSPF. [LinkedIn Profile →](https://www.linkedin.com/in/vasile-diaconu/) ## Ready to get started? Try AutoSPF free — no credit card required. [ Book a Demo ](/book-a-demo/) ## Related Articles [ Intermediate 3m 3 points to consider before setting your SPF record to -all (HardFail) May 22, 2025 ](/blog/3-points-to-consider-before-setting-your-spf-record-hardfail/)[ Intermediate 6m 6 Best practices for maintaining an SPF record Jun 5, 2025 ](/blog/6-best-practices-for-maintaining-an-spf-record/)[ Intermediate 3m Adding your SPF record to your domain provider Sep 2, 2024 ](/blog/adding-your-spf-record-to-your-domain-provider/)[ Intermediate 5m Are Your SPF and DKIM Identifiers Aligned? Jul 18, 2024 ](/blog/are-your-spf-and-dkim-identifiers-aligned/) ```json {"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138897474","https://www.linkedin.com/company/autospf","https://x.com/autospf01","https://www.g2.com/products/autospf/reviews"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://autospf.com/contact-us/"},"knowsAbout":["SPF Record Flattening","Sender Policy Framework","Email Authentication","DNS Management","DMARC","DKIM"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"AutoSPF","url":"https://autospf.com","description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","publisher":{"@type":"Organization","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Google Updates SPF Records: What Domain Owners Need to Fix in 2026","description":"Google's 2024 bulk sender guidelines require every domain sending 5,000+ daily messages to Gmail to authenticate with SPF, DKIM, and DMARC. Learn exactly what to fix, when enforcement kicks in, and how to test compliance.","url":"https://autospf.com/blog/google-updates-spf-records-required-fixes-for-domain-owners-2026/","datePublished":"2025-12-05T16:15:36.000Z","dateModified":"2026-04-18T02:36:41.000Z","dateCreated":"2025-12-05T16:15:36.000Z","author":{"@type":"Person","@id":"https://autospf.com/authors/vasile-diaconu/#person","name":"Vasile Diaconu","url":"https://autospf.com/authors/vasile-diaconu/","jobTitle":"Operations Lead","description":"Vasile Diaconu is the Operations Lead at DuoCircle, the company behind AutoSPF. He coordinates between engineering, product, and technical support - running project management, interfacing with developers on customer-reported issues, and making sure work that comes in through the support channel actually gets closed out. Vasile sits at the intersection of customer feedback and engineering execution, which gives him a direct view of which SPF problems customers hit most often in production and how they get resolved operationally.","image":"https://media.mailhop.org/autospf/images/authors/vasile-diaconu.jpg","knowsAbout":["SaaS Operations","Technical Support Coordination","Customer Issue Resolution","Engineering Program Management","Deployment Operations"],"worksFor":{"@type":"Organization","name":"AutoSPF","url":"https://autospf.com"},"sameAs":["https://www.linkedin.com/in/vasile-diaconu/"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138897474","https://www.linkedin.com/company/autospf","https://x.com/autospf01","https://www.g2.com/products/autospf/reviews"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://autospf.com/contact-us/"},"knowsAbout":["SPF Record Flattening","Sender Policy Framework","Email Authentication","DNS Management","DMARC","DKIM"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://autospf.com/blog/google-updates-spf-records-required-fixes-for-domain-owners-2026/"},"articleSection":"intermediate","keywords":"DKIM, DMARC, SPF, SPF record","wordCount":1099,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/autospf/images/2025/12/spf-record-8765.jpg","caption":"SPF Records","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://autospf.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://autospf.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://autospf.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Google Updates SPF Records: What Domain Owners Need to Fix in 2026","item":"https://autospf.com/blog/google-updates-spf-records-required-fixes-for-domain-owners-2026/"}]} ```