Skip to content
AutoSPF – Automatic SPF flattening
  • for Enterprise
  • for SMBs
  • Plans & Pricing
  • PartnersExpand
    • Partner Program
    • Book A Demo
  • AboutExpand
    • How it Works
    • Book A Demo
    • FAQs
    • Partner Program
    • About Us
    • Contact Us
    • Get Support
  • Login
Fix My SPF Record
AutoSPF – Automatic SPF flattening

A Guide on SPF Record Format

Table of Contents
  • SPF Record Format
  • SPF Record Example
  • Best Practices for Managing SPF Records
    • Minimize DNS Lookups
    • Use CIDR notations for IP Ranges
    • Set a Policy for Unspecified Servers 
    • Merging Multiple Records
    • Use Quotes for Domains with Spaces
    • Use SPF Lookup Tools
  • Summary
spf record tester 1

Creating an SPF record without knowing the correct format is of no use. Your TXT record will likely be erroneous and, hence, ineffective against phishing and spoofing attacks. It’s made up of an SPF Record syntax list, which is categorized as mechanisms, modifiers, and qualifiers. Their collective use helps domain owners place a set of instructions for recipients’ mailboxes or mail servers on how to manage illegitimate email messages coming from your domain. 

SPF Record Format

Let’s break down the components-

  • v=spf1: This is the version tag and specifies which SPF version is in use. Every SPF record must begin with this.
  • Mechanisms: Mechanisms are core components and give instructions if emails failing SPF checks should be marked as spam, rejected, or treated normally. Common mechanisms include-
  1. a: Authorizes the specified domain’s A record.
  2. mx: Authorizes the specified domain’s MX (Mail Exchange) records.
  3. ip4 and ip6: Authorize specific IPv4 or IPv6 addresses or address ranges.
  4. include: Authorizes the specified domain, allowing it to include its own SPF record.
  5. ptr: Allows the use of reverse DNS lookups for authorization.
spf record format

Image sourced from leadfeeder.com

  • Modifiers:  They are meant to provide additional instructions or information about the SPF record. Common modifiers are-
  1. redirect: Specifies that the client should check the SPF record of another domain.
  2. exp: Provides an explanation for an SPF failure.

SPF Record Example

v=spf1 include:_spf.example.com ~all

Here’s what each of the elements means in this example-

  • v=spf1 indicates the SPF version 1.
  • ‘include:_spf.example.com’ permits the domain _spf.example.com to send emails on behalf of the organization using this domain.
  • ‘~all’ specifies a softfail, which directs recipients’ servers to mark illegitimate emails as suspicious and place them in the spam folders.
spf record generator

Best Practices for Managing SPF Records

Minimize DNS Lookups

Exceeding the lookup limit of 10 makes your SPF TXT record invalid. If this problem persists, reach out to us for automatic SPF flattening. We’ll automatically replace domains with their IP addresses to eliminate the need for frequent and too many lookups.

Use CIDR notations for IP Ranges

CIDR notation means using an IP address and its associated routing prefix. It’s represented by a forward slash and the number of significant bits in the routing prefix. 

Example: 192.34.34.0/22

Set a Policy for Unspecified Servers 

Use the ‘all’ mechanism to set the policy for servers not covered by other mechanisms. Choose between ‘+’ (pass), ‘-’ (fail), ‘~’ (soft fail), or ‘?’ (neutral).

Merging Multiple Records

Having multiple SPF records for a single domain causes confusion for recipients’ servers, especially if the information in the records varies. So, instead, merge them into one consolidated record. Using ‘include’ statements. 

Use Quotes for Domains with Spaces

If you are adding a domain name with spaces, ensure using double quotes.

Example: 

v=spf1 include: "example with spaces" -all

Use SPF Lookup Tools

Regularly use SPF testing tools to check the validity and effectiveness of your SPF records.

spf record generator 1

Summary

A malicious sender uses an unauthorized mail server to send a fraudulent message in order to fool mail receivers into sharing sensitive information. SPF, DKIM, and DMARC DNS records offer protection against such email senders by specifying a legitimate network range (ip4-network and ip6-network) for authentication and compliance.

ARTICLES

  • . Create an SPF Record
  • . What is SPF?
  • . How SPF Works
  • . Too Many DNS Lookups
  • . Types of SPF Errors

NAVIGATE

Plans & Pricing
Contact Us
Book A Demo
FAQs
Knowledge Base
Read our Blog
Login to Dashboard

GET IN TOUCH

DuoCircle LLC
5965 Village Way Suite 105-234
San Diego, CA 92130
Phone: +1-855-700-1386

⛑️ Get 24x7 Support

COMPLIANCES

AutoSPF is fully Compliant with the leading Industry Standards

Copyright © 2025 DuoCircle LLC. All Rights Reserved. Privacy Policy, Terms of Service.

  • for Enterprise
  • for SMBs
  • Plans & Pricing
  • Partners
    • Partner Program
    • Book A Demo
  • About
    • How it Works
    • Book A Demo
    • FAQs
    • Partner Program
    • About Us
    • Contact Us
    • Get Support
  • Login