SPF Checker

Validate your SPF records to ensure proper email authentication

Share:

Check SPF Record

Ensure Proper Email Authentication with SPF

Verify your SPF records are correctly configured to prevent email spoofing

SPF (Sender Policy Framework) is an email authentication standard that specifies which mail servers are authorized to send email on behalf of your domain. Our checker validates your SPF record, counts DNS lookups, and verifies proper configuration.

What This Tool Checks

SPF Record Lookup

Queries DNS for your SPF TXT record and displays the full record.

Mechanism Analysis

Parses include, a, mx, ip4, ip6 mechanisms and their qualifiers.

DNS Lookup Count

Counts DNS lookups to ensure you stay within the 10-lookup limit.

All Qualifier

Validates the 'all' mechanism (-all, ~all, +all) for proper security.

Best Practices

  • Always end your SPF record with -all (hardfail) for maximum security.
  • Keep DNS lookups under 10 — use ip4/ip6 ranges to reduce lookups.
  • Don't use +all — it allows anyone to send email as your domain.
  • Consolidate multiple include mechanisms where possible.
  • Only one SPF record per domain is allowed.
  • Test changes before deploying to avoid email delivery issues.

Frequently Asked Questions

What is the 10 DNS lookup limit?

SPF allows a maximum of 10 DNS lookups during evaluation. Each include, a, mx, ptr, redirect, and exists mechanism counts as one lookup. Exceeding this causes SPF permerror and emails may fail.

What does ~all vs -all mean?

~all (softfail) marks unauthorized emails but may still deliver them. -all (hardfail) rejects unauthorized emails outright. -all is recommended for production domains.

Can I have multiple SPF records?

No. Only one SPF record is allowed per domain. Having multiple causes all SPF checks to fail. Merge all mechanisms into a single record.