2network.app
Docs Tools
← All Docs

SPF Builder

Build valid SPF TXT records for your domain with an interactive form. Supports Google, Microsoft 365, SendGrid, and 12+ email providers.

Try SPF Builder →

What It Does

The SPF (Sender Policy Framework) Builder generates a valid SPF TXT record for your domain's DNS. It provides an interactive form with checkboxes for common email providers, fields for custom includes and IP addresses, and enforcement policy selection. The tool validates DNS lookup limits and record length.

How to Use It

  1. Navigate to DNS Tools → SPF Builder from the top menu.
  2. Optionally enter your domain name (used in the DNS entry output).
  3. Check all email providers that send mail on behalf of your domain (Google Workspace, Microsoft 365, SendGrid, etc.).
  4. Add any custom include domains for third-party services not in the list.
  5. Add any specific IP addresses or CIDR ranges that send mail directly.
  6. Choose whether to allow your domain's MX servers and/or A record IP.
  7. Select an enforcement policy (Fail is recommended for production).
  8. Click Generate SPF Record.
  9. Copy the generated record and add it as a TXT record in your DNS.

Understanding SPF Policies

  • -all (Fail): Receiving servers should reject email from unauthorized senders. This is the strictest and most secure option. Recommended for production.
  • ~all (SoftFail): Unauthorized email is accepted but flagged. Good for initial testing before switching to -all.
  • ?all (Neutral): No assertion about unauthorized senders. SPF is effectively not enforced.
  • +all (Pass): Allows any server to send as your domain. Never use this.

DNS Lookup Limit

The SPF specification (RFC 7208) limits SPF records to 10 DNS lookups. Each include:, mx, a, and redirect= mechanism counts as one lookup. If your record exceeds 10 lookups, some receiving mail servers will return a PermError and may reject your email.

The builder tracks your lookup count in real-time and warns you if you exceed the limit. If you hit the limit, consider using an SPF flattening service or consolidating your includes.

Example: Google Workspace + SendGrid

Your company uses Google Workspace for employee email and SendGrid for transactional email:

  1. Check Google Workspace / Gmail.
  2. Check SendGrid.
  3. Leave MX checked (allows your mail servers).
  4. Select Fail (-all) as the policy.
  5. Click Generate.

Result: v=spf1 mx include:_spf.google.com include:sendgrid.net -all

Use Cases

  • New domain setup: Create an SPF record before sending your first email.
  • Email deliverability: Fix "SPF fail" bounces by adding missing providers.
  • Vendor onboarding: Add a new email service without breaking existing SPF.
  • Security audit: Review and tighten an overly permissive SPF policy.
  • Migration: Build an SPF record that covers both old and new mail infrastructure.

Related Tools

DNS Lookup Perform live DNS queries using public DNS-over-HTTPS resolvers. Look up A, AAAA,... Port Lookup Search and explore 110+ network ports with descriptions, protocols, known vulner... Subnet Calculator Learn how to use the 2network IPv4 Subnet Calculator to compute network addresse...