CIDR Calculator
Calculate IP address ranges from CIDR notation. Convert between CIDR, subnet masks, and IP ranges. Essential for configuring SPF records and understanding IP allowlists.
About this tool
If you've ever needed to authorize a range of IP addresses in an SPF record or configure a firewall allowlist for your mail server, you've encountered CIDR notation. It's the standard way to express IP address ranges compactly — instead of listing hundreds of individual IPs, you write something like 198.51.100.0/24 and cover all 256 addresses at once. This calculator converts between CIDR notation, subnet masks, and IP ranges so you don't have to do the binary math yourself.
How CIDR notation works
An IPv4 address is 32 bits long. The number after the slash tells you how many of those bits are fixed (the network portion), and the remaining bits are variable (the host portion). A /24 means 24 bits are fixed and 8 are variable, giving you 2^8 = 256 possible addresses. A /32 means all bits are fixed — it's a single IP. A /16 means 16 bits are variable, giving you 65,536 addresses. The most common ranges you'll encounter in email: /32 (single server), /28 (16 IPs — a small dedicated pool), /24 (256 IPs — a typical allocation from an ISP or cloud provider).
CIDR in email authentication
SPF records are where most email senders encounter CIDR. When you add ip4:198.51.100.0/24 to your SPF record, you're authorizing every IP from 198.51.100.0 to 198.51.100.255 to send email for your domain. This is essential when your ESP or mail infrastructure uses a pool of IPs that can change. Instead of listing each IP individually (and hitting SPF's 10-lookup limit), a single CIDR range covers them all with one mechanism. Use our SPF generator to build records with proper CIDR notation.
Common CIDR mistakes in email setups
The biggest mistake is authorizing too broad a range. Using /16 (65,536 IPs) in your SPF record when your ESP only uses 4 IPs from that range means you're also authorizing thousands of IPs you don't control — potentially including spammers on the same network. Be as specific as possible. If your provider uses 198.51.100.10 through 198.51.100.14, a /28 or even listing individual /32 entries is safer than a /24. Ask your provider for their exact IP ranges rather than guessing.
IPv6 CIDR considerations
IPv6 uses the same CIDR concept but with 128-bit addresses. A typical IPv6 allocation is /48 (for organizations) or /64 (for subnets). In SPF records, you'd use the ip6: mechanism with CIDR notation, like ip6:2001:db8::/48. As more mail servers adopt IPv6, you'll need to include both ip4 and ip6 ranges in your SPF configuration. After setting up your ranges, verify them with the DNS propagation checker to ensure your records are visible globally.
Frequently Asked Questions
More Free Tools
View all toolsSPF Record Checker
Ensure your domain is properly authenticated with our SPF record checker. Avoid spoofing and improve inbox placement.
DKIM Record Checker
Verify your domain's DKIM configuration for email authentication. Check the public key, selector, and key strength to ensure your emails are properly signed.
Email Header Analyzer
Analyze email headers to trace routing, check authentication (SPF, DKIM, DMARC), identify delivery delays, and debug email issues. Paste headers from any email client.
DMARC Record Checker
Check your domain's DMARC policy to protect against email spoofing and phishing. Verify your DMARC record configuration and get recommendations for improvement.