CIDR Calculator

If you've ever needed to authorize a range of IP addresses in an SPF record or configure a firewall allowlist for your mail server, you've encountered CIDR notation. It's the standard way to express IP address ranges compactly — instead of listing hundreds of individual IPs, you write something like 198.51.100.0/24 and cover all 256 addresses at once. This calculator converts between CIDR notation, subnet masks, and IP ranges so you don't have to do the binary math yourself.

How CIDR notation works

An IPv4 address is 32 bits long. The number after the slash tells you how many of those bits are fixed (the network portion), and the remaining bits are variable (the host portion). A /24 means 24 bits are fixed and 8 are variable, giving you 2^8 = 256 possible addresses. A /32 means all bits are fixed — it's a single IP. A /16 means 16 bits are variable, giving you 65,536 addresses. The most common ranges you'll encounter in email: /32 (single server), /28 (16 IPs — a small dedicated pool), /24 (256 IPs — a typical allocation from an ISP or cloud provider).

CIDR in email authentication

SPF records are where most email senders encounter CIDR. When you add ip4:198.51.100.0/24 to your SPF record, you're authorizing every IP from 198.51.100.0 to 198.51.100.255 to send email for your domain. This is essential when your ESP or mail infrastructure uses a pool of IPs that can change. Instead of listing each IP individually (and hitting SPF's 10-lookup limit), a single CIDR range covers them all with one mechanism. Use our SPF generator to build records with proper CIDR notation.

Common CIDR mistakes in email setups

The biggest mistake is authorizing too broad a range. Using /16 (65,536 IPs) in your SPF record when your ESP only uses 4 IPs from that range means you're also authorizing thousands of IPs you don't control — potentially including spammers on the same network. Be as specific as possible. If your provider uses 198.51.100.10 through 198.51.100.14, a /28 or even listing individual /32 entries is safer than a /24. Ask your provider for their exact IP ranges rather than guessing.

IPv6 CIDR considerations

IPv6 uses the same CIDR concept but with 128-bit addresses. A typical IPv6 allocation is /48 (for organizations) or /64 (for subnets). In SPF records, you'd use the ip6: mechanism with CIDR notation, like ip6:2001:db8::/48. As more mail servers adopt IPv6, you'll need to include both ip4 and ip6 ranges in your SPF configuration. After setting up your ranges, verify them with the DNS propagation checker to ensure your records are visible globally.