An SPF record is your way of telling mailbox providers which IP addresses or domains are authorized to send mail on your behalf, so it is very important that it is accurate and up to date. Sending email from an IP or domain not included in your SPF record results in a failed authentication verification.
SPF is an important component of email deliverability and sending reputation.
- Get the 5 Minute Guide to Email Deliverability free.
- Check your Sender Score for free at Senderscore.org.
- Validate the email addresses on your list with BriteVerify so you can avoid damaging your sending reputation, get 500 verifications for Free.
- Refer to RFC 7208 for details
- Common SPF syntax errors
Including IP addresses in your SPF record
There are two IP address versions you may need to include in your SPF record: IPv4 and IPv6. Most organizations and ESPs use IPv4 addresses. IPv6 addresses are not widely used at this time.
- IPv4 addresses look similar to: 220.127.116.11
- IPv6 addresses look similar to: 2001:4860:4000:4uh5:b2fw:0000:8e5d:6432
If you have an IPv4 address, the IP is included in your SPF record with an ip4 mechanism.
If you have an IPv6 address, the IP is included in your SPF record with an ip6 mechanism.
An incorrect IP mechanism for your IP address in your SPF record results in a failed authentication check.
There are three ways to include IP addresses in your SPF record.
- A single IP address
- Multiple, non-sequential IP addresses
- Multiple, sequential IP addresses using CIDR notation
A single IP address
- IPv4: v=spf1 ip4:18.104.22.168 -all
- IPv6: v=spf1 ip6:2001:4860:4000:4uh5:b2fw:0000:8e5d:6432 -all
Be sure to use the correct mechanism for the IPv4 (ip4) and IPv6 (ip6) addresses.
Multiple, non-sequential IP addresses
- IPv4: v=spf1 ip4:22.214.171.124 ip4:126.96.36.199 -all
- IPv6: v=spf1 ip6:2001:4860:4000:4uh5:b2fw:0000:8e5d:6432 ip6:2010:3240:0000:9uv1:n3pl:0000:8e5d:7854 -all
You can add as many IP addresses as needed to your SPF record up to the 255 character TXT record limit. If the number of IP addresses in your SPF record exceeds 255 characters, investigate different options to shorten your SPF record.
It is uncommon to send email from both an IPv4 and IPv6 address, however, you can add each type of address in the same SPF record if required.
Multiple, sequential IP addresses using CIDR notation
CIDR notation is a compact representation of a sequential range of IP addresses. Using CIDR notation for a single IP address works, it is just unnecessary.
- Use IP Address Guide to convert an IP address range to CIDR or a CIDR range to IP addresses.
For example, Google uses 4,096 IP addresses that range from 188.8.131.52 - 184.108.40.206. Listing each IP address individually in the SPF record does not work because the record exceeds the 255 character TXT record limit. To solve this problem using CIDR notation, Google’s 4,096 IP addresses are represented as: 220.127.116.11/20.
- IPv4: This is the SPF record for _netblocks.google.com
v=spf1 ip4:18.104.22.168/20 ip4:22.214.171.124/19 ip4:126.96.36.199/20 ip4:188.8.131.52/20 ip4:184.108.40.206/18 ip4:220.127.116.11/16 ip4:18.104.22.168/21 ip4:22.214.171.124/16 ip4:126.96.36.199/20 ip4:188.8.131.52/17 ip4:184.108.40.206/19 ip4:220.127.116.11/19 ~all
- IPv6: This is the SPF record for _netblocks2.google.com
v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all