Since the SPF record is your way of telling mailbox providers who is authorized to send mail on your behalf, it is very important that your SPF record is accurate and up to date. You need to ensure that all the IPs you are mailing from are included in the SPF record for your domains. Otherwise, if you send from an IP that is not included in your SPF record, you will fail the authentication check. You also want to include any IPs from your partner or vendors that send mail on your behalf.
IPs are put in your SPF record through the ip4 and ip6 mechanism. They can also be put it using an include statement that references your partner or vendor’s SPF record. Often times, IP ranges can be put into your SPF record through a CIDR range. Most organizations use the ip4 mechanism because ip6 is not widely used at this time. Typically large organizations, such as Google, use ip6.
v=spf1 ip4:18.104.22.168/20 ip4:22.214.171.124/19 ip4:126.96.36.199/20 ip4:188.8.131.52/20 ip4:184.108.40.206/18 ip4:220.127.116.11/16 ip4:18.104.22.168/21 ip4:22.214.171.124/16 ip4:126.96.36.199/20 ip4:188.8.131.52/17 ip4:184.108.40.206/19 ip4:220.127.116.11/19 ~all
v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all
IP addresses can be listed in your SPF record as a part of a range by utilizing the Classless Inter-Domain Routing (CIDR) notation.
CIDR is a standard created by the Internet Engineering Task Force in 1993 that helps to more efficiently allocate IP addresses and allows for a flexible and simplified way to identify IP addresses and route network traffic.It is a compact representation of an IP address and its associated routing prefix. The notation is constructed from an IP address, a slash character (/), and a decimal number.
CIDR notation is not required for a small number of IP addresses but should be used when representing larger ranges of IP addresses.
For example, Google uses 4,096 IP addresses that range from 18.104.22.168 - 22.214.171.124. You can’t list each IP address individually in the SPF record because it would exceed 255 characters. The SPF specification allows for the use of CIDR notation for this situation, which would make sure Google can stay under the 255 character limit.
Using CIDR notation, Google’s 4,096 IP addresses can be represented as: 126.96.36.199/20.
There are free tools that can help yous convert CIDR to an IP address range, and an IP address range to CIDR. Here is a recommended tool: IP Address Guide.