Defaults.Exposed › Setup › SPF

How to set up SPF on Squarespace

Add an SPF record in your Squarespace DNS so the world knows which servers may send email using your domain.

Why this matters to your business

SPF (Sender Policy Framework) is a short note in your domain’s DNS that lists which mail servers are allowed to send email “from” your domain. Without it, scammers can forge your address to send fake invoices, payment requests or quotes to your customers and suppliers — and your own genuine email is more likely to land in spam. Setting SPF up is free, takes a few minutes, and is one of the cheapest, strongest things you can do to protect your name and keep your email getting delivered.

First, an important point about Squarespace

Squarespace is a website builder and a domain registrar — it can host your domain’s DNS — but it is not your email provider. Your actual email runs through a separate service (for example a Google Workspace or Microsoft 365 mailbox, or another mail host). So:

• Squarespace’s job here: hold the SPF record in your DNS.
• Your email provider’s job: tell you what the SPF value should be.

You add the record in Squarespace, but the value comes from whoever runs your mailboxes.

Before you start: is Squarespace actually running your DNS?

This is the single most common reason these changes “do nothing.” A DNS record only takes effect if Squarespace is where your domain’s nameservers point.

• If you registered the domain through Squarespace, or you connected an outside domain and chose to let Squarespace manage its DNS, then Squarespace is your DNS host — you’re in the right place.
• If your domain still points at another company’s nameservers (for example your registrar, a web host, or Cloudflare), then the SPF record must be added there, not in Squarespace. Adding it in Squarespace will have no effect.

In your Squarespace account, open the domain’s settings and look for where it shows your DNS or nameservers. If Squarespace is managing the DNS, continue below. If your nameservers point to another company, add SPF in that company’s DNS instead.

What you’ll add

A single TXT record that lists your senders. The exact value depends on who sends your email. A common example for a domain that sends only through Google Workspace is:

v=spf1 include:_spf.google.com ~all

For Microsoft 365 it’s usually:

v=spf1 include:spf.protection.outlook.com -all

Use the SPF value your email provider tells you to use. You should have only one SPF (TXT starting with v=spf1) record per domain — if you already have one, edit that one rather than adding a second.

Steps in Squarespace

1. Sign in to Squarespace and open your Domains area (in your account or site settings).
2. Click the domain you want to set up.
3. Open its DNS settings (look for DNS / DNS Settings / Advanced DNS / Custom Records).
4. Find the section for adding a custom DNS record and add a new one.
5. Set the record Type to TXT.
6. In the Host field (sometimes labelled Name), enter @. The @ means “the domain itself.” Do not type your full domain name here.
7. In the Data / Value field, paste your SPF string, e.g. v=spf1 include:_spf.google.com ~all.
8. Save the record.

Squarespace quirks people get wrong

• @ for the host, not your domain. Squarespace uses @ to mean the root of your domain. Putting your full domain name in the Host field creates the record in the wrong place.
• No quotes. Type the SPF value plain. Don’t wrap it in double quotes — adding "v=spf1 ..." yourself can produce a broken, double-quoted record.
• Only one SPF record. Two v=spf1 records is an error and breaks SPF entirely. If you add a second sender later (say a newsletter tool), combine them into one record using extra include: entries — don’t create a second TXT.
• It’s the email provider’s value, not Squarespace’s. Squarespace doesn’t send your business email, so don’t expect a Squarespace-specific SPF string — use the one your mailbox provider gives you.
• Changes aren’t instant. DNS can take from a few minutes up to a couple of hours to update everywhere.

Verify it worked

Once saved, confirm the record is live and correct with the free check on Defaults.Exposed. Enter your domain and it’ll tell you in plain language whether your SPF is set up properly. Your data is processed in the EU.

Done? Check your domain free to confirm it worked — and see your full grade across all 34 checks.