What should I know about the SPF record string character limit?

Sender Policy Framework (SPF) records have a 255 character string limit in Domain Name System (DNS). If you have an SPF record with a string longer than 255 characters, you will fail the SPF authentication check.

Here are some common ways to optimize your SPF record character space:

Remove mechanisms that resolve to the same domain

Remove any mechanisms from your SPF record that resolve to the same domain.

For example, Return Path’s SPF record references both and’s SPF record. However,’s SPF record already has an include statement for This means that Return Path only needs an include statement for

Avoid ptr mechanisms

You should avoid using the ptr mechanism because it is no longer supported by the SPF specification and will count toward your character limit.

The ptr mechanism is a type of DNS record that resolves an IP address to a domain or hostname.

Remove legacy partner and vendor domains

You should remove any include statements that redirect the SPF check to the SPF record of a vendor or partner who no longer sends email on your behalf. Removing these frees up character space.

Senders use include statements to redirect the SPF check to a vendor or partner’s SPF record whose IPs often change. Using the include statement of a partner or vendor means the sender does not have to consistently update those changing IP ranges in their own SPF record.

Check the address range

If you have many ip4 and ip6 mechanisms, make sure they’re not redundant. For example, remove any ip4 or ip6 mechanisms that you aren’t using anymore and check to see if there are any IP address ranges that can be merged.

Here’s an example of IP address ranges that can be merged using CIDR notation:

v=spf1 a mx ip4: ip4: -all

ip4: = 256 IP addresses; -

ip4: = 256 IP addresses; -

Here’s what the above example can be replaced with:

v=spf1 a mx ip4: -all

ip4: 512 IP addresses; -
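The merge described above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it collapses adjacent or overlapping ip4 and ip6 ranges, reports whether the result fits in 255 characters, and flags any ptr mechanism. The function names and the sample record (addresses from the 198.18.0.0/15 benchmarking range) are constructed for illustration.

```python
import ipaddress

SPF_STRING_LIMIT = 255  # the per-string limit the article describes

def optimize_spf(record):
    """Merge adjacent or overlapping ip4/ip6 ranges in one SPF record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    nets = {4: [], 6: []}
    others, all_term = [], None
    for term in terms[1:]:
        low = term.lower()
        if low.startswith(("ip4:", "ip6:")):
            # Only plain (implicit pass) ip mechanisms are merged;
            # qualified ones such as "-ip4:..." stay untouched in `others`.
            net = ipaddress.ip_network(term[4:], strict=False)
            nets[net.version].append(net)
        elif low.lstrip("+-~?") == "all":
            all_term = term
        else:
            others.append(term)
    merged = []
    for version in (4, 6):
        for net in ipaddress.collapse_addresses(nets[version]):
            single = net.prefixlen == net.max_prefixlen
            value = net.network_address if single else net
            merged.append(f"ip{version}:{value}")
    # Assumption: no fail-qualified mechanism sits between the ip terms,
    # so grouping the merged ranges after the other terms keeps the result.
    tail = [all_term] if all_term else []
    return " ".join(["v=spf1", *others, *merged, *tail])

def audit_spf(record):
    """Return the optimized record plus the checks the article recommends."""
    optimized = optimize_spf(record)
    names = [t.lstrip("+-~?").split(":")[0].lower()
             for t in optimized.split()[1:]]
    return {
        "optimized": optimized,
        "saved": len(record) - len(optimized),
        "fits": len(optimized) <= SPF_STRING_LIMIT,
        "uses_ptr": "ptr" in names,
    }

if __name__ == "__main__":
    # Constructed sample: two adjacent /24 ranges (256 + 256 addresses).
    sample = "v=spf1 a mx ip4:198.18.0.0/24 ip4:198.18.1.0/24 -all"
    print(audit_spf(sample))
```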

Create an SPF specific subdomain

Another effective way to reduce the number of characters in an SPF record is to create an SPF specific subdomain represented as: Using “_spf” as the subdomain name signals to a mailbox provider to treat the subdomain as a storage container, which is only used for listing additional SPF information.

Some larger organizations may need to create multiple SPF specific subdomains. If you need to create more than one SPF specific subdomain, use the following format: _spf, _spf1, _spf2, and so on.

For example, Google has multiple IP addresses represented in different netblocks due to the size of their organization. Attempting to place all of this information into one SPF record for would exceed 255 characters. To resolve this, Google created smaller storage containers of SPF records with IP addresses that do not exceed 255 characters and combined them together using include statements to stay under the 255 character limit.

Here is a list of netblocks used by Google and their corresponding SPF records:


    v=spf1 ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ~all

    v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all

    v=spf1 ip4: ~all

In order to keep the SPF record under 255 characters, Google created an SPF specific subdomain of and references each netblock using an include statement in the SPF record. The include statement instructs a mailbox provider to search for additional SPF information for the domain listed.

v=spf1 ~all

Google then adds their SPF specific subdomain with an include statement to the SPF record. The end result is a simple SPF record for that does not exceed 255 characters.

v=spf1 ~all

Prior to creating an SPF specific subdomain, try to use CIDR notation for IP ranges in order to reduce the length of your SPF record under the 255 character limit.
