Google IP address ranges for outbound mail servers
When setting up email for your domain, you might need the IP addresses for Google Workspace mail servers. For example, SPF authentication for your domain might require Google server IP addresses.
Google has a global mail server network that grows dynamically to support demand. This means Google Workspace mail servers have a large range of IP addresses, and the addresses change often.
Get the current range of Google Workspace IP addresses by checking Google's SPF record. To find out where IP address ranges reside, see this JSON file.
Google publishes a list of IP address ranges in the DNS TXT record _spf.google.com, and the records it references. This TXT record is complete for SPF, but it doesn't include all IP address ranges used by Google APIs and services on the default domains. For all possible Google IP address ranges, refer to Obtain Google IP address ranges.
IP address ranges for unverified forwarding
You can use Gmail’s advanced routing rules to forward incoming messages to different destinations.
Gmail routes messages with unverified forwarding configurations through Google servers with public IP addresses. The public IP addresses are intentionally left out of Google's SPF record, and resolve to Google hostnames ending in unverified-forwarding.1e100.net. These servers use the IP address ranges in this article to route unverified messages.
Gmail doesn't add authentication to unauthenticated messages that it forwards. For example, when Gmail forwards an unauthenticated message, it doesn't add SPF before forwarding. Adding authentication to forwarded messages prevents receiving servers from identifying the original source of the messages. To verify the authentication status of a forwarded message, use ARC email authentication.
If you route Gmail based on IP address, you might need to update your firewall routing settings to include the IP ranges below.
Important:
- The hostnames and IP address ranges below send unverified and unauthenticated messages. We recommend you strictly manage messages received from these IP ranges when they pass through firewalls and other security measures.
- Message from these IP addresses should be treated as unauthenticated by SPF.
- Do not add these hostnames or IP addresses to your SPF records. This puts your domain at risk of spoofing, phishing, and other forms of impersonation.
| IPv4 | IPv6 |
|---|---|
|
108.177.16.0/24 108.177.17.0/24 142.250.220.0/24 142.250.221.0/24 |
2600:1901:101::0/126 2600:1901:101::4/126 2600:1901:101::8/126 2600:1901:101::c/126 2600:1901:101::10/126 2600:1901:101::14/126 |
Ranges last updated: January 25, 2021
Hostname mask for unverified forwarding
If you use hostnames instead of IP addresses in your firewall routing settings, use this hostname mask when routing unauthenticated messages:
*.unverified-forwarding.1e100.net
To identify untrusted forwarding servers, use this hostname mask in your firewall settings. Use the wildcard (*) for subdomains. Subdomains can include multiple, nested subdomains.