Fill in the form — get a ready-made TXT record for your DNS.
SPF (Sender Policy Framework, RFC 7208) — a mechanism to protect against email sender address spoofing. A TXT DNS record lists servers authorized to send email on behalf of the domain.
include:spf.google.com — Google Workspace;include:spf.protection.outlook.com — Microsoft 365;include:amazonses.com — Amazon SES;include:sendgrid.net — SendGrid.Check whether the record exceeds the limit of 10 DNS lookups. Our generator counts the included mechanisms — if the limit is exceeded, consolidate multiple include entries or use broader conditions such as a and mx. Also make sure you have not forgotten any legitimate senders, especially third-party mailing services. After fixing, wait 5–30 minutes for DNS propagation and test delivery with Gmail or Yandex.
Yes, the tool generates a record for the specific domain you enter. Each domain or subdomain (for example, sub.domain.com) requires its own SPF record because they have separate DNS zones. Copy the result for each domain and publish it in the corresponding zone. The generator supports subdomains — just enter the full name in the include field.
For a domain actively used for email, we recommend switching to the strict -all policy after testing — it tells mail servers to categorically reject messages from unauthorized senders. Start with ~all (soft fail) for 2–3 days and review the logs: if all required services passed authentication, switch to -all. This reduces the risk of blocking legitimate emails due to a configuration mistake.