Gmail IP address ranges – here’s how to find ALL the public ones

by Jesse Rink


Home » Articles and insights » Gmail IP address ranges – here’s how to find ALL the public ones

If you’re like most firewall administrators, you dislike the idea of opening up port 25, 465, and 587 for outbound traffic to the -entire- internet.  Doing so can result in your organization’s public IP address getting blacklisted in a hurry if any of your internal devices get infected with malware, or viruses, that start sending out massive amounts of email spam from bots.   In this article, we walk you through the steps to find the Gmail IP address ranges you need.

In general, security conscious firewall administrators will limit outbound port 25, 465, and 587 traffic through the firewall to specific destinations and sometimes from specific internal sources as well – such as an SMTP relay server.  When using a full (or fat) email client such as Outlook, Mail, or eM Client (instead of using web-based email) for sending and receiving email with Gmail based email accounts, it is important to know all the public Gmail IP address ranges used by Google for SMTP.  Getting these public Gmail IP address ranges can easily be accomplished using the DIG command.

Setting your firewall up to limit outbound SMTP to ONLY those specific public IP address ranges, can help limit your exposure, and allows the email client to work properly without random error messages stating it couldn’t properly send outbound mail. While Google tends to publish this information in various tech notes on their webpages, the information on those webpages is usually outdated and not completely up to date. Using the DIG command to determine the IP address ranges used by Gmail can help to better determine which IP address ranges to allow through your firewall.

So how can someone determine the public Gmail IP address ranges that Google seems to change from time to time?   The steps below utilizing the DIG command will provide you this information.


This Wisconsin manufacturer needed to modernize its IT infrastructure to support rapid business growth.

Discover what they did

(Note – if you don’t have DIG on your computer, there are numerous online tools that support DIG commands that can be utilized with ease, such as

Steps to find the Gmail IP address ranges

The first step is to issue a DIG command to get the SPF record used for (TXT record)

You can do this with the following command:

DIG txt

(or you can use an online tool as shown in the following picture)

Gmail IP address ranges

We can see here that the results come back with the FQDN of We need to issue another DIG command against that.

DIG txt

The results come back here showing 3 different FQDNs:          283         IN           TXT         “v=spf1 ~all”

We will then need to DIG each of the following netblocks that were reported back from the DIG command:


This will provide ALL the current address ranges that can be used for sending SMTP mail traffic to Google.

DIG txt              3599       IN           TXT         “v=spf1 ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ~all”
DIG txt           2470       IN           TXT         “v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all”
DIG txt           2659       IN           TXT         “v=spf1 ip4: ip4: ~all”

The results

Based on what the DIG command reports back, as of September 2017 the public Gmail IP address ranges currently include:

Instead of having an outbound firewall rule that allows port 25, 465, and 587 traffic to ALL external IP addresses, you can limit your firewall rule to allowing outbound traffic to ONLY those Google based IP addresses.

Yes, that’s a lot of different address ranges, and it’s likely that these Gmail IP address ranges will change over time and in the future, but knowing these IP address ranges allows you to more safely setup an outbound rule on your firewall that allows port 25, 465, and 587 traffic to those specific ranges of external Gmail public IP addresses so your mail clients (Outlook, Mail, eM Client, etc.) can send outbound email without getting random or intermittent errors.

Jesse Rink

Jesse Rink

Jesse is the owner of Source One Technology and has been providing IT consulting services to Enterprises, SMBs, schools, and nonprofits in Waukesha, Milwaukee, Dane, Washington , Jefferson, Ozaukee, Kenosha, Racine counties and across Wisconsin for over 18 years.

Tired of wasting time and money on frustrating IT issues and vendors?
We're hiring!  Take a look at our engineering roles in Wisconsin.
View jobs