Google IP address ranges for outbound mail servers

When setting up email for your domain, you might need the IP addresses for Google Workspace mail servers. For example, SPF authentication for your domain might require Google server IP addresses.

Google has a global mail server network that grows dynamically to support demand. This means Google Workspace mail servers have a large range of IP addresses, and the addresses change often.

Get the current range of Google Workspace IP addresses by checking Google's SPF record.

Google publishes a list of IP address ranges in the DNS TXT record _spf.google.com, and the records it references. This TXT record is complete for SPF, but it doesn't include all IP address ranges used by Google APIs and services on the default domains. For all possible Google IP address ranges, refer to Obtain Google IP address ranges.

IP address ranges for unverified forwarding

You can use Gmail’s advanced routing rules to forward incoming messages to different destinations. When Gmail routes SPF unauthenticated messages to a new destination, the messages keep their unauthenticated status. This is so receiving servers do their own authentication checks when they get the messages.

Gmail routes messages with unverified forwarding configurations through Google servers with public IP addresses. The public IP addresses are intentionally left out of Google's SPF record, and resolve to Google hostnames ending in unverified-forwarding.1e100.net. These servers use the IP address ranges in this article to route unverified messages.

If you route Gmail based on IP address, you might need to update your firewall routing settings to include the IP ranges below.

Important:

  • The hostnames and IP address ranges below send unverified and unauthenticated messages. We recommend you strictly manage messages received from these IP ranges when they pass through firewalls and other security measures.
  • Message from these IP addresses should be treated as unauthenticated by SPF.
  • Do not add these hostnames or IP addresses to your SPF records. This puts your domain at risk of spoofing, phishing, and other forms of impersonation.
IPv4 IPv6

108.177.16.0/24

108.177.17.0/24

142.250.220.0/24

142.250.221.0/24

2600:1901:101::0/126

2600:1901:101::4/126

2600:1901:101::8/126

2600:1901:101::c/126

2600:1901:101::10/126

2600:1901:101::14/126

Ranges last updated: January 25, 2021

Hostname mask for unverified forwarding

If you use hostnames instead of IP addresses in your firewall routing settings, use this hostname mask when routing unauthenticated messages:

*.unverified-forwarding.1e100.net

To identify untrusted forwarding servers, use this hostname mask in your firewall settings. Use the wildcard (*) for subdomains. Subdomains can include multiple, nested subdomains.

Related topics

Obtain Google IP address ranges

Ensure mail delivery & prevent spoofing with SPF

 

Was this helpful?

How can we improve it?

Need more help?

Try these next steps:

Post to the help community Get answers from community members
Contact us Tell us more and we’ll help you get there
true
Start your free 14-day trial today

Professional email, online storage, shared calendars, video meetings and more. Start your free Google Workspace trial today.

Search
Clear search
Close search
Google apps
Main menu
3253249845196885392
true
Search Help Center
true
true
true
true
true
73010
false
false
false
false