How to Add an SPF Record in Netlify
Step-by-step guide to adding SPF records in Netlify DNS. Learn when to use Netlify DNS vs your registrar and how to set up SPF TXT records.
Netlify is best known as a hosting platform for modern web applications, but it also offers basic DNS management. If you've pointed your domain's nameservers to Netlify, you can manage DNS records -- including SPF -- through Netlify's dashboard. However, there's an important distinction to understand: many Netlify users host their site on Netlify but keep their DNS at their domain registrar. This guide covers both scenarios and walks you through adding SPF records in Netlify DNS.
Do You Actually Manage DNS Through Netlify?
Before diving into the steps, it's worth checking whether your DNS is actually managed through Netlify. Many users use Netlify for web hosting but keep DNS at their registrar (like Namecheap, Cloudflare, or GoDaddy). In that case, you'd add your SPF record at the registrar, not in Netlify.
To check: look at your domain's nameservers. If they point to something like dns1.p01.nsone.net (Netlify's DNS provider), you're using Netlify DNS. If they point to your registrar's nameservers, that's where you'll manage SPF.
Netlify DNS is a basic DNS service designed primarily for connecting your domain to Netlify-hosted sites. It works fine for TXT records like SPF, but it has fewer features than dedicated DNS providers like Cloudflare or Route 53. If you need advanced DNS features, you may want to manage DNS elsewhere.
Why SPF Matters
If your domain sends email -- through Google Workspace, Microsoft 365, SendGrid, or any other service -- an SPF record tells receiving mail servers which services are authorized to send on your behalf, as defined in RFC 7208. Without SPF, your emails are more likely to be flagged as spam or rejected outright. It's a simple TXT record that takes just a few minutes to set up, regardless of where your DNS is hosted.
Step-by-Step: Adding an SPF Record in Netlify DNS
Log in to Netlify
Go to app.netlify.com and sign in to your account.
Navigate to DNS settings
Click on Domains in the top navigation. Find your domain and click on it. Then click DNS settings (see Netlify's DNS documentation for details). You'll see a list of existing DNS records.
Check for existing SPF records
Scroll through the records and look for any TXT record with a value starting with v=spf1. If one already exists, you'll need to edit or replace it -- your domain can only have one SPF record.
Add a new DNS record
Click Add new record. Set the Record type to TXT. In the Name field, leave it blank or enter your domain name (Netlify uses blank for root domain records). In the Value field, paste your SPF record -- for example: v=spf1 include:_spf.google.com -all. Click Save.
Verify the record is live
DNS changes through Netlify typically propagate within a few minutes. Check your record at SPF Record Check to confirm it's published and valid.
A Note on the Name Field
In Netlify's DNS interface, the Name field for root domain records should be left blank or set to your domain name. Netlify automatically associates blank-name records with the root domain. Don't enter @ -- Netlify's DNS doesn't use the @ convention. If you enter a subdomain name, the SPF record will only apply to that subdomain.
SPF Record Examples
Here are ready-to-use SPF records for common email configurations. Paste these into the Value field.
Google Workspace Only
Use the _spf.google.com include for Google Workspace:
v=spf1 include:_spf.google.com -all
Microsoft 365 Only
Use the spf.protection.outlook.com include for Microsoft 365:
v=spf1 include:spf.protection.outlook.com -all
Google Workspace + SendGrid
v=spf1 include:_spf.google.com include:sendgrid.net -all
Microsoft 365 + Mailchimp
v=spf1 include:spf.protection.outlook.com include:servers.mcsv.net -all
Google Workspace + Amazon SES
v=spf1 include:_spf.google.com include:amazonses.com -all
| Setup | SPF Record | Est. Lookups |
|---|---|---|
| Google Workspace | v=spf1 include:_spf.google.com -all | ~3 |
| Microsoft 365 | v=spf1 include:spf.protection.outlook.com -all | ~2 |
| Google + SendGrid | v=spf1 include:_spf.google.com include:sendgrid.net -all | ~4 |
| M365 + Mailchimp | v=spf1 include:spf.protection.outlook.com include:servers.mcsv.net -all | ~4 |
| Google + Amazon SES | v=spf1 include:_spf.google.com include:amazonses.com -all | ~4 |
SPF records are limited to 10 DNS lookups. Each include adds at least one lookup. Use SPF Record Check to count your total lookups and make sure you're within the limit.
Monitor your email authentication
After setting up SPF, make sure it keeps working. Get daily checks on SPF, DKIM, and DMARC.
Common Netlify DNS SPF Mistakes
Adding SPF in Netlify When DNS Is Managed Elsewhere
The most common Netlify-specific mistake. If your domain's nameservers point to your registrar (not Netlify), any DNS records you add in Netlify won't be served. Always confirm where your nameservers point before adding records. If DNS is at your registrar, add the SPF record there instead.
Creating Duplicate SPF Records
Netlify's DNS interface allows you to add multiple TXT records without warning you about duplicates. If you create two TXT records starting with v=spf1, you'll cause a permerror that breaks SPF for all your email. Always check for existing SPF records first.
Using @ in the Name Field
Unlike Cloudflare and some other providers, Netlify's DNS doesn't interpret @ as the root domain. If you enter @, it may create the record on a literal @ subdomain. Leave the Name field blank for root domain records.
Not Realizing Netlify DNS Is Limited
Netlify DNS is designed primarily for connecting your domain to Netlify-hosted sites. It works for basic DNS management, but it lacks features like DNSSEC, detailed TTL control, and DNS analytics. If you need more control over your DNS, consider using a dedicated DNS provider like Cloudflare and just pointing your site to Netlify via CNAME.
Editing an Existing SPF Record in Netlify
Netlify's DNS interface doesn't have a traditional "edit" button for records. To update an existing SPF record:
Find your SPF record
Go to Domains > your domain > DNS settings. Find the TXT record starting with v=spf1.
Delete the old record
Click the X or delete button next to the existing SPF record. Confirm the deletion.
Add the updated record
Click Add new record and create a new TXT record with your updated SPF value. Leave the Name blank for the root domain. Paste the new value and click Save.
Verify the change
Wait a few minutes for propagation, then check the record at SPF Record Check.
Copy before deleting
Before deleting the old record, copy its value. You may need to reference it when creating the updated version, and you'll want a backup in case something goes wrong.
Verifying Your SPF Record
After adding or updating your SPF record in Netlify DNS, verify it's correct.
- SPF Record Check -- Go to spfrecordcheck.com and enter your domain. It validates syntax, counts DNS lookups, and flags errors.
- Send a test email -- Send a message from each email service in your SPF record. Check the headers on the receiving side for
spf=pass. - Command line -- Run
dig TXT yourdomain.com +shortornslookup -type=TXT yourdomain.comto see the raw TXT records for your domain.
Complete Your Email Authentication
SPF is the first piece of email authentication. For full protection, set up all three protocols:
- DKIM adds a cryptographic signature to outgoing emails, proving they haven't been tampered with. Use DKIM Creator to generate your DKIM keys and add the TXT records in Netlify DNS (or wherever your DNS is managed).
- DMARC ties SPF and DKIM together and defines what happens when authentication fails. Use DMARC Creator to build your DMARC policy.
Both DKIM and DMARC records are added as TXT records, following the same process as SPF.
Related Articles
Never miss an SPF issue
Monitor your SPF, DKIM, DMARC and MX records daily. Get alerts when something breaks.
Start Monitoring