Last updated: July 2026

In short: The SPF record formally authorizes webgo’s mail infrastructure and IP networks to send emails from your domain address. You configure this policy as a TXT record inside the DNS management section of your webgo customer portal or Webspace-Admin.

Prerequisites

  • A webgo web hosting, server, or domain plan
  • Access to the webgo customer portal (https://login.webgo.de) or Webspace-Admin
  • A terminal or the free MXAudit scanner for verification

What is SPF?

SPF (Sender Policy Framework) is a DNS mechanism that specifies which mail servers and IP ranges are allowed to dispatch emails on behalf of your domain. Receiving servers check this record every time an incoming message arrives to verify the sender’s authorization.

As noted in webgo’s technical documentation regarding email deliverability adjustments (Google hat seine Richtlinien für den Versand und Empfang von E-Mails stark verschärft. Daher haben wir bei uns gehostete Domains dementsprechend aktualisiert und die SPF-Einträge angepasst), major providers now strictly enforce SPF validation. If your record is missing or broken, the consequence is severe: Dabei werden E-Mails, deren Domains keinen oder einen fehlerhaften SPF-Eintrag haben, nicht mehr nur als SPAM eingestuft, sondern gänzlich abgelehnt werden.

Explaining the technical foundation of DNS policies, webgo’s FAQ states: Der TXT-Eintrag erlaubt das Speichern von beliebigen Textinformationen. Häufig wird er verwendet, um Domains bei Diensten zu verifizieren oder das E-Mail-Verhalten zu verbessern (SPF, DKIM, DMARC).

When deployed alongside DKIM and DMARC, SPF establishes solid sender reputation.

The starting point at webgo

For domains hosted directly at webgo, the platform automatically maintains authorized IP subnets inside a predefined SPF record (Google hat seine Richtlinien für den Versand und Empfang von E-Mails stark verschärft. Daher haben wir bei uns gehostete Domains dementsprechend aktualisiert und die SPF-Einträge angepasst).

The authorization policy is published as a TXT record on your root domain. According to webgo’s documentation, the canonical full SPF record example is:

v=spf1 a mx ip4:37.17.224.0/21 ip4:185.30.32.0/22 ip4:88.82.224.0/19 ip4:45.153.56.0/22 ~all

Step-by-step guide

1. Check whether an SPF record is currently published

Open your terminal to verify if your domain already publishes an SPF policy:

dig TXT example.com +short

Look for any returned line starting with v=spf1. If a record is already present, modify it instead of adding a second entry.

2. Open DNS management at webgo

Log in to the webgo customer portal (login.webgo.de), select your package, and navigate to DNS-Verwaltung (DNS management inside the customer dashboard or inside the webgo Webspace-Admin under Domain / DNS) (Der TXT-Eintrag erlaubt das Speichern von beliebigen Textinformationen. Häufig wird er verwendet, um Domains bei Diensten zu verifizieren oder das E-Mail-Verhalten zu verbessern (SPF, DKIM, DMARC).).

3. Add or update the TXT record for SPF

In your domain’s DNS management table:

  • If no SPF record exists: Click to add a new record, select TXT as the type, enter @ in the hostname/subdomain field (or leave blank per UI instructions), and paste the exact value:
    v=spf1 a mx ip4:37.17.224.0/21 ip4:185.30.32.0/22 ip4:88.82.224.0/19 ip4:45.153.56.0/22 ~all
  • If an SPF record already exists: Edit the entry and make sure all webgo network blocks and mechanisms (a mx ip4:37.17.224.0/21 ip4:185.30.32.0/22 ip4:88.82.224.0/19 ip4:45.153.56.0/22) are included before the closing ~all.

Save your changes (Dabei werden E-Mails, deren Domains keinen oder einen fehlerhaften SPF-Eintrag haben, nicht mehr nur als SPAM eingestuft, sondern gänzlich abgelehnt werden.).

The components of the webgo SPF record

ComponentMeaning
v=spf1Protocol version tag identifying the start of the SPF record
a mxAuthorizes the IP addresses defined in your domain’s A and MX records to send mail
ip4:37.17.224.0/21 ...Authorized IPv4 network subnets of webgo’s shared hosting and mail infrastructure
~allSoftFail mechanism signaling receiving servers to treat unauthorized senders with caution

Verification

Once you have saved the TXT record in your webgo DNS settings, immediately test your configuration using the free MXAudit scanner — check your SPF syntax and confirm you stay below the 10 DNS lookup limit.

You can also use your terminal to confirm that nameservers are serving the updated value:

dig TXT example.com +short

The output should show exactly "v=spf1 a mx ip4:37.17.224.0/21 ip4:185.30.32.0/22 ip4:88.82.224.0/19 ip4:45.153.56.0/22 ~all".

Common mistakes

  • Publishing multiple SPF records: You must never publish more than one TXT record starting with v=spf1 on the same domain. Multiple records cause a permanent validation error (permerror) (Dabei werden E-Mails, deren Domains keinen oder einen fehlerhaften SPF-Eintrag haben, nicht mehr nur als SPAM eingestuft, sondern gänzlich abgelehnt werden.).
  • Editing webgo settings when using external nameservers: If your domain points to Cloudflare or third-party DNS providers, updating records inside the webgo portal has no effect. Add the SPF record directly with your active DNS provider.
  • Missing IP ranges: If you accidentally drop one of webgo’s ip4: subnets when updating a record, outgoing emails dispatched from that specific server cluster will fail SPF authentication (Der TXT-Eintrag erlaubt das Speichern von beliebigen Textinformationen. Häufig wird er verwendet, um Domains bei Diensten zu verifizieren oder das E-Mail-Verhalten zu verbessern (SPF, DKIM, DMARC).).

Further reading