SPF Generator

Build an SPF record from common mechanisms like include, ip4, ip6, a, mx, and exists. This is useful when you are publishing a new SPF policy or rewriting one into a cleaner, more deliberate format.

Current SPF Preview

  • v=spf1 ~all

Generated SPF

No SPF record generated yet.

Mechanisms

Use a domain that publishes its own SPF policy, such as _spf.google.com.

Common provider presets

Add common SPF includes for major mail platforms, gateways, and outbound sender services even when MX routing does not reveal them.

Core Mail Platforms

Google Workspace: add include:_spf.google.com

Google Workspace commonly publishes outbound senders through _spf.google.com.

Microsoft 365: add include:spf.protection.outlook.com

Microsoft 365 commonly uses include:spf.protection.outlook.com for outbound mail.

Fastmail: add include:spf.messagingengine.com

Fastmail commonly uses include:spf.messagingengine.com.

Proton Mail: add include:spf.protonmail.ch

Proton Mail commonly uses include:spf.protonmail.ch.

Zoho Mail: add include:spf.zoho.com

Zoho Mail commonly uses include:spf.zoho.com.

Mail Gateways & Security

Mimecast: add include:_netblocks.mimecast.com

Mimecast environments often use _netblocks.mimecast.com in SPF.

Mimecast: add include:_extnetblocks.mimecast.com

Some Mimecast setups also require _extnetblocks.mimecast.com.

Hornetsecurity: add include:spf.hornetsecurity.com

Hornetsecurity commonly uses include:spf.hornetsecurity.com.

Proofpoint Essentials: add include:_spf-us.ppe-hosted.com

Proofpoint Essentials often uses a regional hosted include such as _spf-us.ppe-hosted.com.

Proofpoint Essentials: add include:_spf-eu.ppe-hosted.com

EU Proofpoint Essentials tenants may use _spf-eu.ppe-hosted.com.

Cisco Secure Email: add include:_spf.iphmx.com

Cisco Secure Email environments commonly use include:_spf.iphmx.com.

Transactional & Marketing Mail

Amazon SES: add include:amazonses.com

Amazon SES commonly uses include:amazonses.com for SPF authorization.

SendGrid: add include:sendgrid.net

SendGrid commonly uses include:sendgrid.net.

Mailgun: add include:mailgun.org

Mailgun commonly uses include:mailgun.org.

Postmark: add include:spf.mtasv.net

Postmark commonly uses include:spf.mtasv.net.

Mailchimp Transactional: add include:spf.mandrillapp.com

Mailchimp Transactional commonly uses include:spf.mandrillapp.com.

Brevo: add include:spf.sendinblue.com

Brevo commonly uses include:spf.sendinblue.com.

SparkPost: add include:spf.sparkpostmail.com

SparkPost commonly uses include:spf.sparkpostmail.com.

Salesforce: add include:_spf.salesforce.com

Salesforce commonly uses include:_spf.salesforce.com.

Exclaimer (EU): add include:spf.eu.exclaimer.net

Exclaimer server-side mail flow for Europe uses include:spf.eu.exclaimer.net.

Exclaimer (UK): add include:spf.uk.exclaimer.net

Exclaimer server-side mail flow for the United Kingdom uses include:spf.uk.exclaimer.net.

Exclaimer (US): add include:spf.us.exclaimer.net

Exclaimer server-side mail flow for the United States uses include:spf.us.exclaimer.net.

Exclaimer (AU): add include:spf.au.exclaimer.net

Exclaimer server-side mail flow for Australia uses include:spf.au.exclaimer.net.

Exclaimer (CA): add include:spf.ca.exclaimer.net

Exclaimer server-side mail flow for Canada uses include:spf.ca.exclaimer.net.

Exclaimer (DE): add include:spf.de.exclaimer.net

Exclaimer server-side mail flow for Germany uses include:spf.de.exclaimer.net.

Exclaimer (UAE): add include:spf.uae.exclaimer.net

Exclaimer server-side mail flow for the UAE uses include:spf.uae.exclaimer.net.

How to use it

  • Use include when another mail service publishes and maintains its own SPF policy.
  • Use ip4 or ip6 for fixed outbound mail IPs you control directly.
  • Use a or mx carefully because they add DNS lookups and can expand as your DNS changes.
  • Use the MX detection button to suggest common provider includes based on live mail-routing fingerprints.
  • Use the preset catalog for transactional senders and cloud mail services that may not appear in MX records.
  • Finish with ~all while monitoring, then move to -all once you are confident every legitimate sender is covered.

Related Tools

SPF Checker

Break down SPF mechanisms, redirects, includes, and lookup count.

Email Security Check

Review SPF, DMARC, DKIM, MTA-STS, TLS-RPT, and BIMI together.

Blacklist Checker

Check whether a domain or IP appears on common blocklists.

Related Articles

SPF Record Explained: Syntax, Mechanisms, and Limits

Learn how an SPF record works, what common SPF mechanisms mean, how qualifiers affect policy, and how to avoid typical SPF mistakes.

What is SPF and how does it work?

Learn what SPF is, how SPF records are evaluated, what include and all mechanisms mean, and how to troubleshoot common SPF problems.

How to Check Whether an SPF Record Is Too Complex

A practical SPF troubleshooting guide covering recursive includes, DNS lookup limits, redirect behaviour, and how to simplify an overly complex SPF policy.