---
title: "SPF records updated by Google: Here’s what domain owners need to know! | DuoCircle"
description: "SPF records updated by Google: Here’s what domain owners need to know!"
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/email-security/google-updates-spf-records-what-domain-owners-should-know/"
---

Quick Answer

Google removed \`\_netblocks3.google.com\` from \`\_spf.google.com\`. The \`\_spf.google.com\` include previously chained three sub-records: \`\_netblocks.google.com\`, \`\_netblocks2.google.com\`, and \`\_netblocks3.google.com\`. Domains using the recommended \`v=spf1 include:\_spf.google.com \~all\` are unaffected because Google manages the included sub-records. Domains that hard-coded the individual netblock includes need to remove the now-defunct \`\_netblocks3.google.com\` reference (or better, replace the whole stack with a single \`include:\_spf.google.com\`). Use an SPF lookup tool to check for outdated entries, broken includes, or extra DNS lookups (SPF has a 10-lookup limit). General guidance: never manually expand vendor SPF includes, prefer the official \`include:\` value, audit SPF regularly, and pair SPF with DKIM and DMARC.

SPF records updated by Google: Here’s what domain owners need to know!

Your browser does not support the audio element.

[ Download episode](https://media.mailhop.org/duocircle/images/2025/12/SPF-records-updated-by-Google-Heres-what-domain-owners-need-to-know.mp3) 

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Femail-security%2Fgoogle-updates-spf-records-what-domain-owners-should-know%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=SPF%20records%20updated%20by%20Google%3A%20Here%E2%80%99s%20what%20domain%20owners%20need%20to%20know!&url=undefined%2Fblog%2Femail-security%2Fgoogle-updates-spf-records-what-domain-owners-should-know%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Femail-security%2Fgoogle-updates-spf-records-what-domain-owners-should-know%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Femail-security%2Fgoogle-updates-spf-records-what-domain-owners-should-know%2F&title=SPF%20records%20updated%20by%20Google%3A%20Here%E2%80%99s%20what%20domain%20owners%20need%20to%20know! "Share on Reddit") [ ](mailto:?subject=SPF%20records%20updated%20by%20Google%3A%20Here%E2%80%99s%20what%20domain%20owners%20need%20to%20know!&body=Check out this article: undefined%2Fblog%2Femail-security%2Fgoogle-updates-spf-records-what-domain-owners-should-know%2F "Share via Email") 

![SPF records](https://media.mailhop.org/duocircle/images/2025/12/buy-smtp-0045.jpg) 

Does your SPF record include Google as an authorized sender? If yes, then you must be dependent on Google’s recommended ‘**include:\_spf.google.com**’ entry to make the most out of the SPF protocol. Recently, this entry has been updated by Google. So, if your domain has outdated or custom configurations, then the latest update may cause certain issues. This blog aims to explore the update in detail and the tactics that can be used to avoid any potential [email deliverability](/a-guide-on-email-deliverability) hassles.

## The connection between SPF and Google Workspace

_SPF or Sender Policy Framework is a widely used, DNS-based email authentication protocol that informs a recipient server whether or not the sender is officially authorized to share emails from your business domain on your behalf_. The SPF protocol relies on a [DNS TXT record](https://www.cloudflare.com/learning/dns/dns-records/dns-txt-record/) that lists all the authorized IP addresses. 

With Google Workspace, it gets easier as it manages the [SPF record](/content/spf-records) in one space under “\_spf.google.com.” This arrangement allows you to add all the Google mail server addresses by using the “include” value. The rest is **handled by Google**.

Suppose your emails are sent through Google Workspace only, then Google recommends using a simple SPF record: v=spf1 include:\_spf.google.com \~all.

This SPF record clearly tells the recipient mail server that “Google is the only **authorized sender for the domain**. Anything else should be questioned or blocked.” 

[![DNS TXT record](https://media.mailhop.org/duocircle/images/2025/12/email-smtp-service-5566.jpg)](https://media.mailhop.org/duocircle/images/2025/12/email-smtp-service-5566.jpg)

## The new update

Earlier, the SPF record ‘\_spf.google.com’ used to have three sub-records:

1. \_netblocks.google.com
2. \_netblocks2.google.com
3. \_netblocks3.google.com

The [IP ranges](https://ipinfo.io/glossary/ip-range) that Google used to send emails were contained in the above-mentioned sub-records. The **latest update involves** Google removing \_netblocks3.google.com. This clearly states that the third sub-record is no longer required.

Basically, Google is simplifying and decluttering the existing SPF setup.

## Who will be affected by the latest update?

Those who have been using the [Google Workspace’s](https://en.wikipedia.org/wiki/Google%5FWorkspace) recommended “include:\_spf.google.com” entry will face no issue at all because of this update. However, those who manually copied **Google’s internal structure** may face problems. The SPF setup eventually gets messier and intricate. It is therefore important to remove all outdated references and keep your SPF clean, precise, and ready for any future updates from Google.

[![SPF record ](https://media.mailhop.org/duocircle/images/2025/12/dkim-selector-6400.jpg)](https://media.mailhop.org/duocircle/images/2025/12/dkim-selector-6400.jpg)

## Is your domain affected? Here’s how to check!

Use an SPF lookup tool to run your current SPF record. The tool will help you find out if there are any unnecessary Google entries, such as \_netblocks3.google.com. If there’s an **outdated Google entry**, your SPF record needs a thorough cleanup. 

The SPF lookup tool you use must also highlight issues like broken includes or extra lookups. Go through them carefully to find out what you need to fix. 

## How to align your SPF record with Google’s latest update?

Once you know the issues, fixing them gets quite easy:

- Check if your SPF record consists “include:\_spf.google.com.” If so, you do not need to change anything.
- _In case there are individual netblock entries (\_netblocks.google.com, \_netblocks2.google.com, or \_netblocks3.google.com), remove them immediately_.
- You can replace all of them using a single “include.” This will keep your **SPF configuration clutter-free**.
- For detailed control, you need to remove \_netblocks3.google.com. But in ideal cases. It is better not to split them.

When your SPF record is clutter-free, it minimizes the risk of errors, streamlines maintenance procedures, and makes future Google updates easier.

[![SPF configuration](https://media.mailhop.org/duocircle/images/2025/12/what-is-dkim-7210.jpg)](https://media.mailhop.org/duocircle/images/2025/12/what-is-dkim-7210.jpg)

## Top practices for SPF records

Below are the best practices to ensure that your email authentication system is **clutter-free and simplified**:

### Do not manually expand SPF entries.

Avoid copying or rewriting internal SPF references. _When you use hard-coding, it makes your SPF record messy and cluttered_. 

### Go for vendor-issued “include” entries only.

Using official SPF “include” values backed by Microsoft or Google is a smart move. The **tech giants automatically** update everything for you. 

[![spf record](https://media.mailhop.org/duocircle/images/2025/12/spf-record-5602.jpg)](https://media.mailhop.org/duocircle/images/2025/12/spf-record-5602.jpg)

### Keep evaluating your SPF record on a regular basis.

**Audit your SPF setup** regularly to detect outdated entries, broken includes, or duplicated references to avoid alignment issues.

### Boost SPF with DKIM and DMARC protocols.

Although SPF is popularly used for [email authentication](/resources/email-authentication), you must combine it with DMARC and DKIM to boost the overall efficacy. 

### Make the most out of reporting or monitoring tools.

To further make the maintenance easier, you can also use tools like DMARC analyzers, SPF lookup, or [email security](/email-security/why-is-email-security-important-in-2025/) dashboards. They enable you to track changes more effectively and **identify any configuration issues** ahead of time. 

We understand if managing the technical SPF, DKIM, and DMARC records overwhelms you. We at [DuoCircle](/) can help you with everything related to email authentication. So [contact us](/contact).

## Topics

DKIMemail securitySecurityspfSPF record 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  Email Security 6m  Building a zero-trust security model for emails  Dec 11, 2024 ](/blog/email-security/building-a-zero-trust-security-model-for-emails/)[  Email Security 7m  How email authentication helps you prove sender identity under ISO 27001  Nov 18, 2025 ](/blog/email-security/how-email-authentication-helps-verify-sender-identity-for-iso-27001/)[  Email Security 6m  How do you achieve SPF alignment to enhance email security and deliverability?  Mar 25, 2025 ](/blog/email-security/how-spf-alignment-improves-email-security-and-deliverability/)[  Email Security 5m  How to pass Microsoft’s email authentication requirements?  Jul 11, 2025 ](/blog/email-security/how-to-pass-microsofts-email-authentication-requirements/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"SPF records updated by Google: Here’s what domain owners need to know!","description":"SPF records updated by Google: Here’s what domain owners need to know!","url":"https://www.duocircle.com/blog/email-security/google-updates-spf-records-what-domain-owners-should-know/","datePublished":"2025-12-10T18:53:51.000Z","dateModified":"2025-12-10T19:58:02.000Z","dateCreated":"2025-12-10T18:53:51.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/email-security/google-updates-spf-records-what-domain-owners-should-know/"},"articleSection":"email-security","keywords":"DKIM, email security, Security, spf, SPF record","wordCount":755,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2025/12/buy-smtp-0045.jpg","caption":"SPF records","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"Email Security"},{"@type":"ListItem","position":3,"name":"SPF records updated by Google: Here’s what domain owners need to know!","item":"https://www.duocircle.com/blog/email-security/google-updates-spf-records-what-domain-owners-should-know/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"Email Security","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"SPF records updated by Google: Here’s what domain owners need to know!","item":"https://www.duocircle.com/blog/email-security/google-updates-spf-records-what-domain-owners-should-know/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"SPF records updated by Google: Here’s what domain owners need to know!","description":"SPF records updated by Google: Here’s what domain owners need to know!","url":"https://www.duocircle.com/blog/email-security/google-updates-spf-records-what-domain-owners-should-know/","datePublished":"2025-12-10T18:53:51.000Z","dateModified":"2025-12-10T19:58:02.000Z","dateCreated":"2025-12-10T18:53:51.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/email-security/google-updates-spf-records-what-domain-owners-should-know/"},"articleSection":"email-security","keywords":"DKIM, email security, Security, spf, SPF record","wordCount":755,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2025/12/buy-smtp-0045.jpg","caption":"SPF records","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```