Google IP address ranges for outbound mail servers

    When setting up email for your domain, you might need the IP addresses for Google Workspace mail servers. For example, SPF authentication for your domain might require Google server IP addresses.

    Google has a global mail server network that grows dynamically to support demand. This means Google Workspace mail servers have a large range of IP addresses, and the addresses change often.

    Get the current range of Google Workspace IP addresses by checking Google's SPF record .

    Google publishes a list of IP address ranges in the DNS TXT record  _spf.google.com, and the records it references. This TXT record is complete for SPF, but it doesn't include all IP address ranges used by Google APIs and services on the default domains. For all possible Google IP address ranges, refer to Obtain Google IP address ranges .

    IP address ranges for unverified forwarding

    You can use Gmail’s advanced routing rules to forward incoming messages to different destinations. 

    Gmail routes messages with unverified forwarding configurations through Google servers with public IP addresses. The public IP addresses are intentionally left out of Google's SPF record, and resolve to Google hostnames ending in unverified-forwarding.1e100.net . These servers use the IP address ranges in this article to route unverified messages.

    Gmail doesn't add authentication to unauthenticated messages that it forwards. For example, when Gmail forwards an unauthenticated message, it doesn't add SPF before forwarding. Adding authentication to forwarded messages prevents receiving servers from identifying the original source of the messages. To verify the authentication status of a forwarded message, use ARC email authentication .

    If you route Gmail based on IP address, you might need to update your firewall routing settings to include the IP ranges below.

    Important:

    • The hostnames and IP address ranges below send unverified and unauthenticated messages. We recommend you strictly manage messages received from these IP ranges when they pass through firewalls and other security measures.
    • Message from these IP addresses should be treated as unauthenticated by SPF.
    • Do not add these hostnames or IP addresses to your SPF records. This puts your domain at risk of spoofing, phishing, and other forms of impersonation.
      IPv4 IPv6

      108.177.16.0/24

      108.177.17.0/24

      142.250.220.0/24

      142.250.221.0/24

      2600:1901:101::0/126

      2600:1901:101::4/126

      2600:1901:101::8/126

      2600:1901:101::c/126

      2600:1901:101::10/126

      2600:1901:101::14/126

      Ranges last updated: January 25, 2021

      Hostname mask for unverified forwarding

      If you use hostnames instead of IP addresses in your firewall routing settings, use this hostname mask when routing unauthenticated messages:

      *.unverified-forwarding.1e100.net

      To identify untrusted forwarding servers, use this hostname mask in your firewall settings. Use the wildcard ( * ) for subdomains. Subdomains can include multiple, nested subdomains.

      Related topics

      Obtain Google IP address ranges

      Ensure mail delivery & prevent spoofing with SPF

      Was this helpful?

      How can we improve it?

      Need more help?

      Try these next steps:

      Post to the help community Get answers from community members
      Contact us Tell us more and we’ll help you get there
      true
      Start your free 14-day trial today

      Professional email, online storage, shared calendars, video meetings and more. Start your free Google Workspace trial today .

      Enable Dark Mode
      Search
      Clear search
      Close search
      Google apps
      Main menu
      18442841799317665429
      true
      Search Help Center
      false
      true
      true
      true
      true
      true
      73010
      false
      false
      false
      false
      Create a Mobile Website
      View Site in Mobile | Classic
      Share by: