H
10Corp Premium Hosting

Configuring SPF Records for Email

Last Updated: March 2026 3 min read

Overview

SPF (Sender Policy Framework) is an email authentication method that specifies which mail servers are authorized to send email on behalf of your domain. When a receiving server gets a message claiming to be from your domain, it checks your SPF record to verify the sender. Without SPF, your emails are more likely to be marked as spam or rejected entirely.

How SPF Works

  1. You publish a TXT record in your domain’s DNS that lists authorized sending servers.
  2. When someone receives an email from your domain, their mail server queries your DNS for the SPF record.
  3. The receiving server compares the sending server’s IP address against the list in your SPF record.
  4. Based on the result (pass, fail, softfail, neutral), the receiving server decides whether to accept, reject, or flag the message.

Creating an SPF Record

SPF records are added as TXT records in your domain’s DNS settings. Log in to your 10Corp domain dashboard, navigate to DNS Management, and add a new TXT record.

Basic Syntax

v=spf1 [mechanisms] [qualifier]
  • v=spf1 — Identifies this as an SPF record (always required).
  • include: — Authorizes another domain’s SPF-listed servers.
  • ip4: — Authorizes a specific IPv4 address or range.
  • ip6: — Authorizes a specific IPv6 address or range.
  • a — Authorizes the server(s) in your domain’s A record.
  • mx — Authorizes the server(s) in your domain’s MX records.
  • ~all — Soft fail for everything not listed (recommended starting point).
  • -all — Hard fail for everything not listed (stricter).

Examples

Basic hosting email:

v=spf1 mx ~all

Google Workspace:

v=spf1 include:_spf.google.com ~all

Microsoft 365:

v=spf1 include:spf.protection.outlook.com ~all

Multiple services (hosting + Google Workspace + a marketing tool):

v=spf1 include:_spf.google.com include:spf.mailservice.com mx ~all

Important Rules

  • Only one SPF record per domain. If you need to authorize multiple services, combine them into a single record using multiple include: statements.
  • DNS lookup limit: SPF evaluation allows a maximum of 10 DNS lookups. Each include:, a, mx, and redirect mechanism counts as one lookup. Exceeding this limit causes SPF to return a permanent error.
  • Use ~all (soft fail) while testing, then switch to -all (hard fail) once you have confirmed everything works.

Verifying Your SPF Record

After adding or updating your SPF record, verify it using:

Common Mistakes

  • Creating multiple TXT records with SPF data (only one is allowed).
  • Exceeding the 10 DNS lookup limit by including too many services.
  • Forgetting to add a third-party marketing email service to the SPF record.
  • Using +all which authorizes every server in the world to send as your domain.
Tags: email spf dns deliverability authentication
Back to Email All Categories

Still need help?

Our support team is available 24/7 to assist you.

Open a Ticket Live Chat