Table of contents

Get insights delivered straight into your inbox every week!

How to Set Up Google Workspace SPF Record [in 3 Minutes]

Manav Singh

June 5, 2025

•

5 min read

If you're using Google Workspace and haven’t set up your SPF record correctly, your emails are getting flagged — even if they technically “deliver.”

This guide shows you how to add the exact SPF TXT record Google requires, where to paste it in your DNS settings, and how to verify it’s working.

You’ll follow a 3-minute process — with zero guesswork — to:

Copy the correct SPF syntax
Add it to your domain registrar (GoDaddy, Cloudflare, etc.)
Avoid common SPF errors that most people miss
Test and confirm your setup in real-time

You don’t need to be technical. You just need to follow this once, and do it right.

Let’s start.

‍

What Is an SPF Record in Google Workspace?

‍

An SPF record (Sender Policy Framework) is a DNS TXT record that tells the world which mail servers are allowed to send emails on behalf of your domain.

When you send an email from Google Workspace, Gmail needs to prove:

“Yes, this message actually came from my domain — and not from some spammer pretending to be me.”

That’s what the SPF record does.

For Google Workspace, your SPF record should include this exact line:

“v=spf1 include:_spf.google.com ~all”

If you skip this?

Email providers start to doubt you.

Some will deliver your emails straight to spam. Others will block them altogether.

SPF is not enough on its own.

You also need DKIM (to verify the message content) and DMARC (to enforce your rules).

But SPF is the first and most basic requirement for getting your emails past spam filters.

It’s how you protect your domain from email spoofing, improve trust with inbox providers, and give your emails a real shot at landing where they belong in the primary inbox.

Let’s get yours set up.

‍

Why Setting Up SPF for Google Workspace Matters

‍

Using Google Workspace without SPF? Your emails might be sent, but inboxes already suspect them.

Here’s what actually happens:

Gmail spam filters check for authentication first.
‍
No SPF? Your email looks fake, even if it’s not.
Unverified domains get flagged silently.
‍
Your prospects won’t complain — they just won’t reply.
SPF protects your sender reputation.
‍
And your sender reputation controls where your emails land: inbox or spam.
Want the data?
‍
Emails with proper SPF, DKIM, and DMARC authentication see up to 45% higher open rates — because they actually land in the inbox.

If you're not authenticating your domain, you’re not doing email. You're just shouting into the void.

‍

Google Workspace SPF Record Format (Copy-Paste Ready)

Here’s the exact SPF record Google recommends:

“v=spf1 include:_spf.google.com ~all”

Copy that. Paste it into your DNS settings. Done.

Now let’s break it down — fast:

v=spf1 → Version. Always starts like this.
include:_spf.google.com → Authorizes Google’s mail servers to send on your behalf.
~all → Tells receiving servers: soft-fail anything not listed.

~all vs -all — Which One Should You Use?

Use ~all (soft fail) if you’re still testing or using multiple senders.
Use -all (hard fail) only if you're 100% sure no unauthorized server should ever send email from your domain. Most people shouldn’t.

Adding Other Sending Services to SPF

If you're using another tool alongside Google (like a cold email platform or a CRM), you’ll need to merge SPF records into one line:

You can use the SPF Record Generator by Salesforge to instantly create valid SPF strings for multiple services — including Google Workspace, Mailforge, and more.

*This image shows the SPF record generator tool by Salesforge*

Example:

v=spf1 include:_spf.google.com include:spf.mailforge.ai ~all

✅ One SPF record only.

❌ Multiple SPF records = fail. Always combine them.

Do it right, and you’ll have clean authentication — no matter how many platforms you're sending from.

‍

How to Set Up SPF Record for Google Workspace [in 3 Minutes]

‍

You don’t need to overthink this.

Here’s the exact 3-step process to set up your Google Workspace SPF record — fast.

✅ Step 1: Open Your Domain’s DNS Settings

Log in to your domain registrar (GoDaddy, Namecheap, Cloudflare — wherever your domain lives)
Find the DNS settings or the Manage DNS section
Click Add Record, then select TXT

This is where your SPF record goes.

‍

✅ Step 2: Add the SPF TXT Record

Fill in the fields exactly like this:

Type: TXT
Host/Name: @ (or leave blank — depends on your provider)

Value:

v=spf1 include:_spf.google.com ~all

‍

TTL: 3600 (or use your provider’s default)

📌 This line authorizes Google servers to send email from your domain. If you’re using other tools too, you’ll need to combine includes into a single line.

‍

✅ Step 3: Save and Verify the Record

Click Save or Apply Changes
DNS propagation can take up to 48 hours, but it usually updates within a few hours
To verify, use:
- MXToolbox SPF Lookup
- Or run a DNS check using dig txt yourdomain.com
- Or check in your Google Workspace Admin Console

Don’t want to do this again for 10 domains? Mailforge automates SPF + DKIM + DMARC in one click.

Once verified, your SPF is live.

You're now authenticated and one step closer to hitting the inbox, not the spam folder.

‍

Common SPF Record Errors in Google Workspace

Here are the 3 most common SPF mistakes that destroy your deliverability (and how to fix them).

❌ 1. Having Multiple SPF Records

If your domain has more than one SPF TXT record, email authentication will fail, even if both records are technically correct.

💡 Fix:
Always combine all senders into a single SPF record like this:

v=spf1 include:_spf.google.com include:another-sender.com ~all

🛑 One domain = one SPF record. No exceptions.

‍

❌ 2. Syntax Errors in SPF TXT Records

Most SPF failures come from bad syntax. These are the killers:

Missing v=spf1 at the start
Extra spaces between tags
Incorrect include: values
Using multiple ~all or forgetting it completely

💡 Fix:
Copy the full record carefully. If you’re unsure, run it through MXToolbox before saving.

‍

⏳ 3. DNS Propagation Delay

You added the record, but it’s not validating yet? That’s not always an error.

SPF changes can take up to 48 hours to fully propagate across DNS servers.

💡 Fix:
Wait a few hours, then use tools like:

dig txt yourdomain.com
nslookup -type=txt yourdomain.com
Or MXToolbox to verify it’s live

Don’t assume it’s broken — DNS just takes time.

‍

Best Practices for SPF Setup with Google Workspace

If you want real inbox placement — not just deliverability — follow these best practices.

Summary Table in case you have less time:

Best Practice	What to Do	Why It Matters
Start and End It Right	Use `v=spf1` at the start and end with `~all` or `-all`	Without proper start/end, your SPF record won’t be valid
Stay Under 10 Lookups	Keep DNS lookups below 10 by flattening SPF if needed	Exceeding the limit breaks SPF authentication silently
Check SPF Monthly	Review your SPF record when tools or senders change	Outdated SPF = inbox issues and higher spam rates
Pair with DKIM & DMARC	Set up all three: SPF, DKIM, DMARC for full protection	These three form your domain’s deliverability shield
Monitor Bounce & Inbox Placement	Track bounce spikes, reply drops, or placement issues	These are red flags that SPF/DKIM/DMARC might be broken
Verify DNS Health (New Domains)	Confirm DNS ownership and TTL with a WHOIS or domain checker	Ensures proper propagation, especially when setting up cold email infrastructure

Now let’s understand this in detail.

Start and End It Right

Every SPF record must start with v=spf1 and end with ~all (soft fail) or -all (hard fail).

Skip either, and your record becomes useless.

Stay Under the 10-Lookup Limit

Google and other providers only allow 10 DNS lookups per SPF check.

Go over that, and the whole thing breaks — silently.

Check Your SPF Status Monthly

SPF records change as your tools change.

Add a new sender and forget to update SPF?

Boom — your emails land in spam.

💡 Run a quick check monthly on MXToolbox.

Pair SPF with DKIM and DMARC

SPF alone isn’t enough anymore.

To fully authenticate your domain, you need:

SPF = who can send
DKIM = message integrity
DMARC = enforcement policy

Are your DKIM and DMARC active?

Salesforge has a DKIM Checker and DMARC Checker — both free, no login needed.

Together, they form your deliverability firewall.

Watch Your Bounce Rates and Inbox Placement

If you notice a sudden spike in bounces or replies drop to zero, don’t blame your copy first.

Check your SPF, DKIM, and domain health.

Use Salesforge’s Domain Checker Tool to confirm DNS ownership and TTL propagation across servers, especially helpful when working with new domains.

*This image shows the* *Domain Checker tool by Salesforge*

🧠 Deliverability is not just a tech issue. It’s a visibility issue.

Follow these SPF best practices, and your emails will land exactly where they should: the inbox.

‍

SPF Setup Tools You Can Use (Even If You’re Not Technical)

Once you’ve added your SPF record, don’t assume it’s working.

Use these tools to check, verify, and troubleshoot SPF — fast.

‍

✅ 1. MXToolbox SPF Checker

MXToolbox SPF Checker is the easiest way to check if your SPF record is valid.
‍
Paste your domain name — it tells you:

If the record exists
If your syntax is correct
If you’re over the 10-lookup limit
If you’re missing a key, include

If you want instant feedback on what’s wrong with your SPF setup, start here.

‍

✅ 2. Google Admin Console (for Google Workspace users)

Already using Google Workspace?

Here’s how to verify SPF inside your admin panel:

Go to admin.google.com
Navigate to:
‍
Apps → Google Workspace → Gmail → Authenticate email

It’ll show whether your domain is passing SPF checks or not.

No need to use external tools — it’s built in.

‍

✅ 3. Command Line (dig or nslookup)

If you're comfortable using a terminal, you can directly query your domain’s DNS:

For Linux/Mac:

dig txt yourdomain.com

For Windows:

nslookup -type=txt yourdomain.com

This tells you exactly what SPF record is live on your domain — no UI, no delay.

Or try the free SPF Checker from Salesforge — it validates your SPF record live and flags errors like missing prefixes, unsupported syntax, or multiple records.

*This image shows the* *Free SPF checker tool by Salesforge*

✅ 4. Mailforge (If You’re Setting Up Multiple Domains or Cold Email Infrastructure)

*This image shows the* *Mailforge Homepage*

If you’re only managing one domain, manual setup is fine.

But if you’re running outreach across 5, 10, or 50+ domains, things break fast.

*This image shows the* *Automated DNS set up in Mailforge*

And here Mailforge can help.

It automatically sets up:

SPF
DKIM
DMARC
Tracking domains
Mailboxes

All from one dashboard.

You never have to touch DNS again — even if you’re sending cold emails from 100 domains.

*This image shows the* *Bulk DNS update in Mailforge*

🧠 Pro Tip: If you're running cold outreach or want airtight deliverability, Mailforge handles everything, at scale, in under 5 minutes.

These tools aren’t optional.

SPF without verification = guessing.

Use the right tool for your setup, and you’ll never have to wonder why your emails landed in spam.

‍

Mailforge vs Manual SPF Setup [Comparison Table]

Here’s how manual SPF setup stacks up against Mailforge:

Feature	Manual Setup	Mailforge Setup
Time to Configure	10–30 minutes per domain	2–3 minutes total
SPF/DKIM/DMARC Setup	❌ Manual for each	✅ Fully automated
DNS Access Required	✅ Yes	❌ No (handled internally)
Technical Skills Needed	✅ High	❌ None
Bulk Domain Setup	❌ Slow and repetitive	✅ Built-in and scalable
Deliverability Optimized	❌ No	✅ Yes (cold email-ready)
Cost	Free (but time-heavy)	Starts at $2/mailbox/month

‍

FAQ

Still confused? Let’s clear up the most common questions people ask about SPF and Google Workspace.

Q: Can I have more than one SPF record?

A: No.

One domain = one SPF TXT record.

If you're using multiple tools (like Google+ + another sender), combine them like this:

v=spf1 include:_spf.google.com include:otherservice.com ~all

Q: What happens if I skip SPF setup?

A: Your emails might look legit to you, but to Gmail and other inboxes, they look suspicious.
‍
Without SPF:

Emails go to spam
Or get rejected completely
Your sender reputation takes a hit

Q: Should I use ~all or -all at the end?

A: Start with ~all — it’s a soft fail, which means unauthorized emails are flagged but not outright blocked.

Use -all only if you’re 100% sure no other server should send on your behalf.

For most teams, ~all is safer.

Q: How do I check if my SPF record is working?

A: You’ve got a few options:

Go to MXToolbox SPF Check and enter your domain

Run this in your terminal:

dig txt yourdomain.com

Or check SPF status inside your Google Admin Console (Apps → Gmail → Authenticate Email)

‍

Conclusion: SPF Isn't Optional — It's Your First Inbox Filter

If you've made it this far, you already know this:

Skipping SPF on Google Workspace is a deliverability disaster.

Here’s what you just learned (and probably fixed today):

What an SPF record does — and why Google needs it
The exact SPF syntax to copy, paste, and deploy (v=spf1 include:_spf.google.com ~all)
The 3-minute step-by-step to set it up without breaking anything
Common SPF mistakes that silently tank your inbox rate
How to verify your setup using tools like MXToolbox, dig, and the Admin Console
Why you must combine SPF with DKIM and DMARC to fully protect your domain
And how to avoid the 10-lookup trap, syntax fails, and multi-sender issues

If you're sending email from a single domain, you’re probably set.

But if you're sending at scale — across multiple domains, campaigns, or cold outreach setups — SPF becomes a bottleneck fast.

In this case, Mailforge can:

👉 Automate SPF, DKIM, DMARC, tracking domains, and mailbox setup — across dozens (or hundreds) of domains.
‍
👉 No DNS headaches. No missed records. Just clean infrastructure built to hit inboxes.

Whether you're a founder, marketer, or ops lead, if you're serious about deliverability, stop patching SPF manually.

Set it up once with Mailforge → and never touch DNS again.