Last updated: July 2026

In short: After this guide your GoDaddy-managed DNS zone publishes a correct SPF record for your mail servers. Receiving servers can then tell who’s allowed to send in your name.

Prerequisites

  • A domain at GoDaddy whose DNS is managed at GoDaddy — the record can only be added in your GoDaddy account if your domain is using GoDaddy nameservers
  • You know which servers send email for your domain (GoDaddy mail products, your own server, a newsletter service)

What is SPF?

SPF (Sender Policy Framework) is a TXT record in your domain’s DNS. GoDaddy’s own docs put it plainly: an SPF record is a type of TXT record that identifies which mail servers are permitted to send email on behalf of your domain. Receiving mail servers check on every incoming message whether the delivering server is on this list. Without SPF, any server can send mail in your name — and your legitimate mail lands in spam faster.

For context: SPF alone is not complete protection. Only together with DKIM and DMARC does it become a solid foundation. But SPF is the easiest entry point.

The starting point at GoDaddy

GoDaddy is registrar and DNS host in one. If you use a GoDaddy mail product (Professional Email, Microsoft 365 from GoDaddy, or GoDaddy hosting), there’s a ready-made value you just publish. If you send from your own or a third-party server, you write the record yourself — the mechanics are the same.

One hard rule GoDaddy states up front: only one SPF record will work on your domain at a time. Never create a second one.

Step-by-step guide

1. Check whether SPF is already active

Fastest via the terminal:

dig TXT example.com +short | grep spf1

Alternatively, drop your domain into the free MXAudit scanner — it checks the record for syntax and lookup limits at the same time.

2. Build the record for your setup

If your mail runs on GoDaddy products — Professional Email, Microsoft 365 from GoDaddy, GoDaddy Linux Hosting, Gen 4 VPS & Dedicated Hosting, or Media Temple Mail — GoDaddy’s docs are explicit that the value must be set as follows to work properly:

v=spf1 include:secureserver.net -all

If you send from your own mail server instead, authorize its IP or MX directly, for example v=spf1 mx -all or v=spf1 ip4:203.0.113.10 -all. If additional external services send too (CRM, newsletter tool), add their include: to the same record.

MechanismEffect
include:secureserver.netauthorizes GoDaddy’s mail servers
mxallows the servers behind your domain’s MX records
ip4: / ip6:allows a fixed IP address or subnet
-allhardfail: only the explicitly listed servers may send

3. Enter the record in the Domain Portfolio

Sign in to your GoDaddy Domain Portfolio, select your domain to open Domain Settings, then select DNS. GoDaddy’s path from here: select Add New Record and then select TXT from the Type menu.

FieldValue
TypeTXT
Name@ (for the root domain)
Valuev=spf1 include:secureserver.net -all
TTLDefault (1 hour)

Enter @ in the Name field to put the record on your root domain, or a prefix such as mail. Leave the TTL on its default of 1 hour. Then select Save.

4. Add external sending services (if needed)

A newsletter tool, CRM, or ticketing system needs its include: value in the same record (from that service’s docs, search for “SPF”). The rule holds: only one SPF record per domain — edit the existing one, never create a second.

5. Wait until the change is live

Most DNS updates take effect within an hour but could take up to 48 hours to update globally.

Verify the result

Check your configuration with the free MXAudit scanner — it shows immediately whether your SPF record is syntactically correct and how many DNS lookups it consumes (the limit is 10).

Or directly in the terminal:

dig TXT example.com +short | grep spf1

The output must contain exactly one record with v=spf1.

Common mistakes

Two SPF records. GoDaddy warns that only one SPF record works per domain at a time. Two TXT entries with v=spf1 cause a permerror — receiving servers then ignore SPF entirely. All sources belong in a single record.

Wrong value for GoDaddy mail. If your mail is a GoDaddy product, the value must be v=spf1 include:secureserver.net -all — a hand-rolled record without the include: breaks delivery.

DNS not at GoDaddy. If your domain uses external nameservers, you can’t add the record in the GoDaddy account — set it at whoever hosts your DNS.

+all at the end. A +all allows any server to send and makes the whole record useless — don’t copy it.

Exceeded the DNS lookup limit. SPF allows a maximum of 10 DNS lookups per check; mx, a:, and every include: count. MXAudit counts along for you.

Further reading