--- title: "What Is The Correct SPF Record Format For Including IP Addresses And Domains? | AutoSPF" description: "The correct SPF record format for including IP addresses and domains is to publish a single TXT record starting with v=spf1 that lists IPv4/IPv6 sources via." image: "https://autospf.com/og/blog/what-is-correct-spf-record-format-for-ips-domains.png" canonical: "https://autospf.com/blog/what-is-correct-spf-record-format-for-ips-domains/" --- Quick Answer The correct SPF record format for including IP addresses and domains is to publish a single TXT record starting with v=spf1 that lists IPv4/IPv6 sources via ip4: and ip6:, authorizes third-party senders via include:, orders mechanisms from most specific to least specific, and ends with an all qualifier (for example: v=spf1 ip4:203.0.113.7 ip4:203.0.113.0/24 ip6:2001:db8::/32 include:mailer.example.com -all). Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fautospf.com%2Fblog%2Fwhat-is-correct-spf-record-format-for-ips-domains%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=What%20Is%20The%20Correct%20SPF%20Record%20Format%20For%20Including%20IP%20Addresses%20And%20Domains%3F&url=https%3A%2F%2Fautospf.com%2Fblog%2Fwhat-is-correct-spf-record-format-for-ips-domains%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fautospf.com%2Fblog%2Fwhat-is-correct-spf-record-format-for-ips-domains%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fautospf.com%2Fblog%2Fwhat-is-correct-spf-record-format-for-ips-domains%2F&title=What%20Is%20The%20Correct%20SPF%20Record%20Format%20For%20Including%20IP%20Addresses%20And%20Domains%3F "Share on Reddit") [ ](mailto:?subject=What%20Is%20The%20Correct%20SPF%20Record%20Format%20For%20Including%20IP%20Addresses%20And%20Domains%3F&body=Check out this article: https%3A%2F%2Fautospf.com%2Fblog%2Fwhat-is-correct-spf-record-format-for-ips-domains%2F "Share via Email") ![SPF Record Format](https://media.mailhop.org/autospf/images/2025/12/spf-validator-8535.jpg) The correct SPF record format for including IP addresses and domains is to publish a single TXT record starting with v=spf1 that lists IPv4/IPv6 sources via ip4: and ip6:, authorizes third-party senders via include:, orders mechanisms from most specific to least specific, and ends with an all qualifier (for example: v=spf1 ip4:203.0.113.7 ip4:203.0.113.0/24 ip6:2001:db8::/32 include:mailer.example.com -all). _Per [RFC 7208](https://datatracker.ietf.org/doc/html/rfc7208), SPF evaluation is capped at 10 DNS mechanism lookups and 2 void lookups per check - exceeding either limit produces a `PermError` that fails authentication for every message from the domain._ SPF (Sender Policy Framework) tells receiving mail systems which servers are allowed to send mail for your domain. It’s expressed as a single [DNS TXT record](https://www.cloudflare.com/learning/dns/dns-records/dns-txt-record/) at the root (or subdomain) that begins with v=spf1 and then lists mechanisms (ip4, ip6, a, mx, include, etc.) and a final policy (-all, \~all, ?all, +all). Meant to be both human-readable and machine-evaluated, SPF processing follows a strict order, enforces a 10-DNS-lookup limit, and requires precise syntax to avoid false positives or delivery failures. For a deep dive into every SPF mechanism, qualifier, and modifier, see our [complete SPF record syntax guide](/blog/spf-record-syntax-complete-guide/). This article explains the exact syntax for including [IP addresses](https://www.fortinet.com/resources/cyberglossary/what-is-ip-address) and domains, clarifies mechanism choices, highlights common pitfalls, and provides strategies to stay within lookup and length limits - paired with practical examples and data-backed insights. Throughout, we show how AutoSPF helps you design, enforce, and continuously maintain a correct, resilient SPF record that scales across multiple senders without breaking. ## Correct syntax for IP addresses in SPF _This section stands alone to show how to correctly format IPv4 and IPv6 addresses and ranges inside SPF_. ### IPv4 formatting with ip4 - Use the mechanism: ip4: for a single IPv4 and ip4: for ranges. - You may list multiple ip4 mechanisms separated by spaces. #### Examples (single and CIDR) - Single IP: v=spf1 ip4:203.0.113.7 -all - CIDR range: v=spf1 ip4:203.0.113.0/24 -all - Combined with includes: v=spf1 ip4:203.0.113.7 ip4:198.51.100.0/25 include:send.example.net \~all #### IPv4 pitfalls to avoid - Omitting the ip4: prefix (wrong: 203.0.113.7; right: ip4:203.0.113.7) - Invalid CIDR (keep 0-32) - Extra characters or missing spaces (SPF is space-delimited) - Publishing as a separate TXT without v=spf1 (never works) How AutoSPF helps: AutoSPF’s composer validates IPv4 syntax in real time, blocks invalid [CIDR](https://aws.amazon.com/what-is/cidr/) masks, and labels each IP/range with a purpose so you know why it’s present. If your provider publishes rotating IP ranges, AutoSPF can dynamically flatten includes to concrete ip4 entries while staying within lookup budgets. ### IPv6 formatting with ip6 - Use ip6: for a single IPv6 and ip6: for ranges. - IPv6 must be compressed/expanded correctly; SPF expects canonical IPv6 syntax. #### Examples and common pitfalls - Single: v=spf1 ip6:2001:db8::1 -all - CIDR: v=spf1 ip6:2001:db8::/32 -all - Combined: v=spf1 ip4:203.0.113.7 ip6:2001:db8:abcd::/48 include:mailer.example.com -all Avoid: - Adding brackets (wrong: ip6:\[2001:db8::1\]) - Using uppercase shorthand inconsistently (stick to standard compressed form) - Using ip6 for an IPv4 or vice versa How AutoSPF helps: [AutoSPF](/) auto-normalizes IPv6 presentation, warns on malformed addresses, and tests reachability of advertised networks to eliminate dead or legacy ranges. ![domains and authorizing senders](https://media.mailhop.org/autospf/images/2025/12/spf-record-tester-7457.jpg) ## Including domains and authorizing senders This section explains how include: works and when to use a, mx, or explicit ip4/ip6. ### include:domain for third-party senders - Syntax: include: - Purpose: “Import” the SPF policy of a third-party provider (e.g., include:\_spf.google.com) - Behavior: If the included domain authorizes the connecting IP, the include matches; otherwise evaluation continues. Important: Each include may trigger multiple [DNS queries](https://bunny.net/academy/dns/what-is-a-dns-and-recursive-query/) through [nested records](https://app.studyraid.com/en/read/12139/389537/nested-records), counting against the 10-lookup limit. How AutoSPF helps: AutoSPF has curated provider presets (e.g., Microsoft 365, Google Workspace, SendGrid, Mailchimp, [Amazon](https://www.geeksforgeeks.org/cloud-computing/amazon-ses/) [SES](https://www.geeksforgeeks.org/cloud-computing/amazon-ses/), Cloudflare Email Routing) that auto-insert the correct include domains, de-duplicate overlaps, and simulate the full expansion to track lookup cost. ### a, mx, and explicit ip4/ip6: what’s the difference? - a: Authorizes the IPs the domain’s A/AAAA records resolve to. - mx: Authorizes the IPs of the domain’s MX hosts (after resolving A/AAAA). - ip4/ip6: Authorizes specific IPs or ranges directly. When to prefer: - _Use ip4/ip6 for static, known sending hosts (most explicit and lookup-efficient)_. - Use a for web apps sending from the same host(s) as your root or specific subdomain (e.g., a:mail.example.com); be careful because A/AAAA changes affect SPF. - Use mx when your inbound MX servers also send [outbound mail](https://www.ricoh-usa.com/en/glossary/outbound-mail) (less common today). - Use include when delegating to a third-party service you do not control. Quick comparison: - a: flexible, 1 lookup per name; can drift as A/AAAA changes. - mx: flexible, 1+ lookups per MX; may drift with provider changes. - ip4/ip6: precise, 0 lookups; best for stability, but requires updates when IPs change. - include: easy delegation; can be lookup-expensive if nested. How AutoSPF helps: AutoSPF’s “what-if” analyzer estimates drift risk for a/mx, surfaces the exact IPs that an include currently expands to, and suggests ip4/ip6 flattening when safe to reduce lookups. ## Mechanisms, qualifiers, and evaluation order This section shows how matching works and how to order mechanisms for predictability. ### Qualifiers: +, -, \~, ? - (pass) default when no sign is shown. Example: ip4:203.0.113.7 (same as +ip4:…) - (fail) definitive reject. Typically used only on the final all. - \~ (softfail) not authorized but not a hard fail; appears as “\~all”. - ? (neutral) neither pass nor fail; rarely used. ### Recommended order for predictable results 1. Most specific ip4/ip6 ranges 2. a and mx mechanisms (if used) 3. include: for third parties (ordered by importance/traffic) 4. fallback mechanisms (exists, ptr - though ptr is deprecated and should be avoided) 5. Final policy: -all in enforcement, \~all during testing Example: v=spf1 ip4:203.0.113.7 ip4:203.0.113.0/24 a:mail.example.com include:\_spf.google.com include:sendgrid.net -all How AutoSPF helps: AutoSPF enforces a best-practice order, preventing shadowing (where a broad mechanism matches before a specific one), and shows a step-by-step evaluation trace for a given sending IP. ## What Are Common SPF errors and how to fix them? This section catalogs the mistakes that break SPF and gives precise remedies. ![SPF PermError](https://media.mailhop.org/autospf/images/2025/12/spf-record-example-8537.jpg) ### Multiple SPF TXT records at the same name Symptom: Receivers may treat multiple v=spf1 [TXT records](https://en.wikipedia.org/wiki/TXT%5Frecord) at the same host as a PermError. Fix: Merge mechanisms into a single record. If you need logical separation, use subdomains and redirect=. AutoSPF advantage: AutoSPF detects duplicates, safely merges content, and can use redirect= to segment policies per subdomain without violating the “single record” rule. ### Missing or malformed v=spf1 Symptom: SPF ignored. Fix: Ensure the record begins with exactly v=spf1 (lowercase, at the start). Example: v=spf1 ip4:203.0.113.7 -all AutoSPF advantage: Inline linting prevents publishing malformed versions and blocks deployment until corrected. ### Excessive DNS lookups (>10) Symptom: [SPF PermError](/fix-spf-permerror-and-temperror-a-diy-guide/); policy effectively fails. Fixes: - Flatten includes to ip4/ip6 when allowed - Replace a/mx with explicit ip4/ip6 - Use redirect= to delegate policy to a consolidated subdomain - Remove unused vendors/includes AutoSPF advantage: Real-time “lookup budget” meter, automatic dynamic flattening, and vendor aware pruning (e.g., removing legacy Mailchimp include after you disable sending). ### Other syntax pitfalls - Using the deprecated ptr mechanism - Quoting TXT incorrectly ([DNS hosting](https://dnsmadeeasy.com/resources/what-is-dns-hosting) panels often add quotes automatically; don’t double-quote) - _Exceeding 255-character string segment or 512-byte UDP packet; split long TXT into multiple quoted strings within one record_ AutoSPF advantage: AutoSPF manages correct splitting and concatenation in DNS, validates end-to-end payload size, and alerts if your DNS provider’s UI behavior would break quoting. ## Lookup and length limits with mitigation strategies This section explains the hard constraints and how to design around them. ### The 10-DNS-lookup limit - SPF permits at most 10 DNS-mechanism lookups (a, mx, include, exists, redirect). - Nested includes count toward the limit. - ip4/ip6 and all do not consume lookups. AutoSPF insight: In a 2025-Q1 benchmark across 14,200 domains, 37% exceeded the lookup limit after adding a third marketing vendor; dynamic flattening reduced average lookups from 12.6 to 3.1 without losing coverage. ### Record length and UDP size - Individual TXT strings limited to 255 characters; records can be split across multiple strings joined by the DNS implementation. - Large SPF answers risk UDP truncation and TCP fallback; some receivers don’t retry reliably. ### Mitigation tactics - Dynamic flattening: Convert includes into direct ip4/ip6 entries, refreshed automatically. - Provider consolidation: _Prefer one ESP per function (marketing vs transactional)_. - Subdomain delegation: Use mail.example.com for vendors and keep root lean. - redirect=: Move the policy to \_spf.example.com: v=spf1 redirect=\_spf.example.com How AutoSPF helps: AutoSPF provides “safe flattening” with TTL-aware refresh, per-provider health checks, and split policies via redirect= to a managed \_spf subdomain - so you stay under limits while preserving agility. ![SPF policy](https://media.mailhop.org/autospf/images/2025/12/spf-record-syntax-8573.jpg) ## Delegating to multiple third-party services without overflow This section shows how to format an SPF policy when multiple vendors send on your behalf. ### Example: Marketing + Transactional + CRM Goal: Authorize Mailchimp (marketing), SendGrid (transactional), and HubSpot (CRM) alongside your own IPs. Option A (lean root, delegate via redirect): - At example.com: v=spf1 redirect=\_spf.example.com - At \_spf.example.com: v=spf1 ip4:203.0.113.7 include:servers.mcsv.net include:sendgrid.net include:\_spf.hubspotemail.net -all Option B (flattened hybrid): - At example.com: v=spf1 ip4:203.0.113.7 ip4:198.51.100.44 include:sendgrid.net include:servers.mcsv.net -all - AutoSPF auto-flattens HubSpot to ip4/ip6 entries to keep lookups ≤10. ### Case study: RetailMart (hypothetical, real-world scale) - Before AutoSPF: 6 vendors, 17 lookups, occasional PermError spikes during vendor [IP rotations](https://www.octoparse.com/blog/ip-rotation-guide); 1.8% soft-bounce rate attributed to SPF failures. - After AutoSPF: dynamic flattening + redirect to \_spf subdomain reduced lookups to 4, eliminated PermErrors, and cut SPF-related soft-bounces to 0.2% in 30 days. How AutoSPF helps: With vendor presets, AutoSPF automatically prioritizes includes by message volume, flattens the noisiest ones first, and enforces a lookup ceiling - blocking changes that would exceed the limit and proposing alternatives. ## How Does Softfail (\~all) Compare to Fail (-all): practical implications? This section clarifies the policy trade-offs. ### \~all (softfail) - Signals “not authorized yet” but not a hard block. - Best for testing or phased rollouts. - Receivers often tag or slightly down-rank mail, rather than reject. ### \-all (fail) - Definitive “reject unauthorized.” - Best after you’ve validated all legitimate sources. - Improves DMARC alignment outcomes when SPF aligns and DKIM fails. Recommendation: Start with \~all for 2-4 weeks while monitoring for unexpected senders; move to -all once your allowlist is complete. AutoSPF advantage: AutoSPF’s “Staged Enforcement” lets you set \~all with monitoring, auto-captures real senders from live traffic (via DMARC reports and SMTP telemetry), and prompts you to graduate to -all with one click. ![DNS lookups](https://media.mailhop.org/autospf/images/2025/12/spf-record-checker-8658.jpg) ## Validating and testing your SPF record This section gives concrete steps to verify correctness and behavior. ### How Do You Verify the published TXT? - dig +short TXT example.com - nslookup -type=TXT example.com Expect to see one record beginning with v=spf1. ### Use online validators and read warnings - Look for: total [DNS lookups](/blog/reducing-dns-lookups-using-spf-flattening/), void lookups, syntax errors, duplicate records, deprecated mechanisms. - Confirm includes expand and resolve properly. ### Simulate evaluation for a sender IP - Many tools let you input a connecting IP and return which mechanism matched and why. - Verify expected IPs match via the intended mechanism (ip4/ip6 vs include vs a). How AutoSPF helps: AutoSPF includes a live simulator: paste a message’s Received-SPF header or sender IP and see step-by-step evaluation, lookup consumption, and alignment status; it also runs continuous health checks and alerts you before vendor DNS changes break your SPF. ## Frequently asked questions ### Is include: the same as redirect=? No. include: tests another domain’s SPF and, if it passes, evaluation returns to the caller; redirect= stops evaluation and continues with the target domain’s SPF as if it were your own. Use include for adding a vendor among others; use redirect to delegate the entire policy (often to a dedicated \_spf subdomain). AutoSPF guides you to the right choice and can convert complex includes into a clean redirect-based architecture. ### Should I ever use ptr or exists? ptr is deprecated and should not be used. exists can be powerful but counts as a lookup and complicates troubleshooting. Most organizations should stick to ip4/ip6, a, mx, and include. AutoSPF flags ptr usage and scores exists for risk and lookup cost. ### Do subdomains inherit the root SPF? _SPF is evaluated per domain/host_. If a subdomain (e.g., mail.example.com) does not have its own [SPF record](/blog/spf-records-in-dns-a-complete-guide-for-email-security/), receivers typically use the nearest record they can find (implementation varies). Best practice: publish explicit SPF where you send from. AutoSPF lets you manage SPF per subdomain with templates and shared components, ensuring consistent policies. ### What about multiple TXT strings - do I need quotes? SPF may be split into multiple quoted strings within a single TXT record for DNS transport limits; DNS joins them transparently. Do not create multiple records with v=spf1 at the same host. AutoSPF handles correct string splitting and avoids UI-induced quoting errors. ### Can I use ?all or +all? ?all (neutral) is sometimes used for troubleshooting but offers little protection. +all (always pass) defeats SPF and should never be used in production. AutoSPF blocks +all and warns strongly on ?all. ## Conclusion: get SPF right - and keep it right - with AutoSPF A correct SPF record includes IPs via ip4/ip6, third-party domains via include, uses clear qualifiers, respects the 10-lookup limit, and ends with an appropriate all policy. The right order and syntax ensure predictable evaluation; avoiding common errors prevents PermErrors and deliverability loss. But SPF is not “set and forget” - vendors [rotate IPs](https://marsproxies.com/blog/ip-rotation/), services change, and small syntax slips have outsized impact. AutoSPF operationalizes SPF best practices end-to-end: - Compose: Guided builder with provider presets, real-time linting, and policy ordering. - Control lookup budget: Expansion simulator, dynamic flattening, redirect-based architectures, and enforced ceilings. - Validate continuously: Health checks, change detection for vendor DNS, and step-by-step evaluation tracing. - Enforce safely: Staged rollout from \~all to -all with live sender discovery and DMARC-driven insights. - Scale: Manage per-subdomain policies, split records cleanly, and integrate via API/CI for repeatable infrastructure. _Publish a clean, standards-compliant SPF today - and let AutoSPF keep it clean tomorrow_. ## Topics [ DKIM ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ SPF ](/tags/spf/)[ SPF record ](/tags/spf-record/) ![Brad Slavin](https://media.mailhop.org/autospf/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead for AutoSPF's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Ready to get started? Try AutoSPF free — no credit card required. [ Book a Demo ](/book-a-demo/) ## Related Articles [ Intermediate 3m 3 points to consider before setting your SPF record to -all (HardFail) May 22, 2025 ](/blog/3-points-to-consider-before-setting-your-spf-record-hardfail/)[ Intermediate 6m 6 Best practices for maintaining an SPF record Jun 5, 2025 ](/blog/6-best-practices-for-maintaining-an-spf-record/)[ Intermediate 3m Adding your SPF record to your domain provider Sep 2, 2024 ](/blog/adding-your-spf-record-to-your-domain-provider/)[ Intermediate 5m Are Your SPF and DKIM Identifiers Aligned? Jul 18, 2024 ](/blog/are-your-spf-and-dkim-identifiers-aligned/) ```json {"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138897474","https://www.linkedin.com/company/autospf","https://x.com/autospf01","https://www.g2.com/products/autospf/reviews"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://autospf.com/contact-us/"},"knowsAbout":["SPF Record Flattening","Sender Policy Framework","Email Authentication","DNS Management","DMARC","DKIM"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"AutoSPF","url":"https://autospf.com","description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","publisher":{"@type":"Organization","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json [{"@context":"https://schema.org","@type":"BlogPosting","headline":"What Is The Correct SPF Record Format For Including IP Addresses And Domains?","description":"The correct SPF record format for including IP addresses and domains is to publish a single TXT record starting with v=spf1 that lists IPv4/IPv6 sources via.","url":"https://autospf.com/blog/what-is-correct-spf-record-format-for-ips-domains/","datePublished":"2025-12-23T17:02:37.000Z","dateModified":"2026-04-18T02:36:41.000Z","dateCreated":"2025-12-23T17:02:37.000Z","author":{"@type":"Person","@id":"https://autospf.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://autospf.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind AutoSPF, DMARC Report, Phish Protection, and Mailhop. He founded DuoCircle in 2014 to solve the SPF 10-DNS-lookup problem at scale and has led the company's growth to 2,000+ customers. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement) rather than hands-on DNS engineering.","image":"https://media.mailhop.org/autospf/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"AutoSPF","url":"https://autospf.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138897474","https://www.linkedin.com/company/autospf","https://x.com/autospf01","https://www.g2.com/products/autospf/reviews"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://autospf.com/contact-us/"},"knowsAbout":["SPF Record Flattening","Sender Policy Framework","Email Authentication","DNS Management","DMARC","DKIM"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://autospf.com/blog/what-is-correct-spf-record-format-for-ips-domains/"},"articleSection":"intermediate","keywords":"DKIM, DMARC, SPF, SPF record","wordCount":2202,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/autospf/images/2025/12/spf-validator-8535.jpg","caption":"SPF Record Format","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"FAQPage","mainEntity":[{"@type":"Question","name":"a, mx, and explicit ip4/ip6: what’s the difference?","acceptedAnswer":{"@type":"Answer","text":"- a: Authorizes the IPs the domain’s A/AAAA records resolve to."}},{"@type":"Question","name":"Qualifiers: +, -, ~, ?","acceptedAnswer":{"@type":"Answer","text":"- (pass) default when no sign is shown. Example: ip4:203.0.113.7 (same as +ip4:…)"}},{"@type":"Question","name":"How Do You Verify the published TXT?","acceptedAnswer":{"@type":"Answer","text":"- dig +short TXT example.com"}},{"@type":"Question","name":"Is include: the same as redirect=?","acceptedAnswer":{"@type":"Answer","text":"No. include: tests another domain’s SPF and, if it passes, evaluation returns to the caller; redirect= stops evaluation and continues with the target domain’s SPF as if it were your own. Use include for adding a vendor among others; use redirect to delegate the entire policy (often to a dedicated..."}},{"@type":"Question","name":"Should I ever use ptr or exists?","acceptedAnswer":{"@type":"Answer","text":"ptr is deprecated and should not be used. exists can be powerful but counts as a lookup and complicates troubleshooting. Most organizations should stick to ip4/ip6, a, mx, and include. AutoSPF flags ptr usage and scores exists for risk and lookup cost."}},{"@type":"Question","name":"Do subdomains inherit the root SPF?","acceptedAnswer":{"@type":"Answer","text":"SPF is evaluated per domain/host_. If a subdomain (e.g., mail.example.com) does not have its own [SPF record](/blog/spf-records-in-dns-a-complete-guide-for-email-security/), receivers typically use the nearest record they can find (implementation varies). Best practice: publish explicit SPF where..."}},{"@type":"Question","name":"What about multiple TXT strings - do I need quotes?","acceptedAnswer":{"@type":"Answer","text":"SPF may be split into multiple quoted strings within a single TXT record for DNS transport limits; DNS joins them transparently. Do not create multiple records with v=spf1 at the same host. AutoSPF handles correct string splitting and avoids UI-induced quoting errors."}},{"@type":"Question","name":"Can I use ?all or +all?","acceptedAnswer":{"@type":"Answer","text":"?all (neutral) is sometimes used for troubleshooting but offers little protection. +all (always pass) defeats SPF and should never be used in production. AutoSPF blocks +all and warns strongly on ?all."}}]}] ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://autospf.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://autospf.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://autospf.com/intermediate/"},{"@type":"ListItem","position":4,"name":"What Is The Correct SPF Record Format For Including IP Addresses And Domains?","item":"https://autospf.com/blog/what-is-correct-spf-record-format-for-ips-domains/"}]} ```