DNS provider

Add an SPF record in Amazon Route 53

SPF must be a single TXT starting with v=spf1 at the domain that sends mail. Amazon Route 53 will let you break this with duplicate TXT — don’t.

Provider gotcha: TXT values must be wrapped in quotes in the value field. Multiple strings in one TXT are entered as separate quoted strings on one line.

Reference: SPF DNS.

Step by step

Step 1 AWS Console → Route 53 → Hosted zones → select your domain → Create record.

Step 2 TXT record. For root domain SPF: For apex SPF, leave the record name blank (not @). For DMARC use _dmarc in the name field..

Step 3 Single SPF only — merge vendors into one string:

"v=spf1 include:_spf.google.com ~all"

Step 4 Save. TXT values must be wrapped in quotes in the value field. Multiple strings in one TXT are entered as separate quoted strings on one line.

Step 5 Propagation: Typically 1–5 minutes to Route 53 authoritative data; resolvers cache per TTL.

Step 6 Use DNS Preflight — SPF tree shows lookup count. Link: SPF guide.

DNS Preflight — full auth check for your domain.

Open DNS Preflight →

Propagation — compare resolvers.

Open DNS Propagation →

FAQ

Can I add two SPF TXT records?

No — merge into one v=spf1 string or you get PermError.

How does Amazon Route 53 want SPF quoted?

Follow the code block on this page; Route 53 requires quotes around the full TXT.

Why PermError after saving?

Syntax error, duplicate SPF, or over 10 DNS lookups — use Preflight’s SPF tree.

Include SendGrid and Google?

Yes in one record: v=spf1 include:... include:... ~all — watch lookup count.

How long until live?

Typically <strong>1–5 minutes</strong> to Route 53 authoritative data; resolvers cache per TTL.

← Amazon Route 53 hub · All DNS providers