I needed to parse Google’s Gmail spf records in order to configure my Edge Transport server’s IPAllowListEntry, so I figured I’d post it so you didn’t have to go through the trouble.

If you’re wondering, nslookup the following to get the spf records:

nslookup -q=TXT _netblocks.google.com 8.8.8.8

nslookup -q=TXT _netblocks2.google.com 8.8.8.8

nslookup -q=TXT _netblocks3.google.com 8.8.8.8

This returns the TXT record, which you then can edit out the blocks below, which I’ve done for you.  netblocks2 is what appears to be all of the IPv6 address blocks, but I didn’t bother with those for my environment.  The task is pretty much the same for IPv4 or 6:  get the record, delete the bad data and preserve the blocks, script that into Exchange via CSV and the Add-IPAllowListEntry -IPRange subnet and you should be good to go!

This list is current as of 2016-06-15.

64.18.0.0/20
64.233.160.0/19
66.102.0.0/20
66.249.80.0/20
72.14.192.0/18
74.125.0.0/16
108.177.8.0/21
173.194.0.0/16
207.126.144.0/20
209.85.128.0/17
216.58.192.0/19
216.239.32.0/19
172.217.0.0/19

I restarted my transport services for good measure (in Exchange Shell):

Restart-Service MSExchangeTransport

Happy emailing!