SPF Checker
Validate your domain's SPF record with our free SPF lookup tool. We analyze your SPF record, map out the complete nested SPF record tree, and run validation tests to catch configuration errors and confirm the record is set up correctly. Whether you're validating an existing record or troubleshooting SPF failures, our checker breaks down each record and qualifier, shows all authorized email senders, flags syntax errors, and provides full JSON output.
Enter your domain to run a full SPF lookup and security review
FAQs
What is SPF and why is it important?
SPF (Sender Policy Framework) is a DNS record that lists which mail servers and IP addresses are allowed to send emails on behalf of your domain. When someone receives an email claiming to be from you, their mail server checks your SPF record to verify it came from an authorized source.
Without SPF, spammers can forge emails from your domain and receiving mail servers have no way to detect it, damaging your reputation and causing your legitimate emails to be flagged as spam. SPF is a foundational layer of email authentication that works alongside DKIM and DMARC.
How do I create an SPF record?
An SPF record is a TXT record in your DNS settings with a value like:
v=spf1 include:_spf.example.com include:spf.protection.example.com ip4:192.168.1.1/32 -all
This authorizes the listed servers and IP addresses to send mail for your domain. The record must start with v=spf1 and end with a qualifier like ~all (soft fail) or -all (hard fail).
Are there any lookup limits in SPF?
Yes, SPF has a hard limit of 10 nested DNS lookups. Tags like include:, a:, mx:, and redirect= each count as lookups, and any lookups within included records also count toward your total. If exceeded, SPF evaluation returns a permanent error, which can cause mail to fail authentication and may trigger DMARC failures if configured. This is one of the most common SPF configuration issues, especially for organizations using multiple email services.
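The tally described above, as an added example that is not the checker's own code: it walks nested records and counts the terms RFC 7208 treats as DNS-querying (include, a, mx, ptr, exists, redirect). The zone data and every domain name in it are constructed, and the count is the worst case in which no mechanism matches early.

```python
import re

LIMIT = 10  # the lookup limit described above
COUNTED = {"include", "a", "mx", "ptr", "exists", "redirect"}  # terms that query DNS
TERM = re.compile(r"[+\-~?]?([A-Za-z][A-Za-z0-9]*)(?:[:=]([^/\s]+))?")

# Constructed sample data standing in for DNS TXT answers; every name is hypothetical.
ZONE = {
    "example.com": "v=spf1 mx include:_spf.mail.example include:_spf.crm.example ip4:192.0.2.10 -all",
    "_spf.mail.example": "v=spf1 include:_a.mail.example include:_b.mail.example ~all",
    "_a.mail.example": "v=spf1 ip4:198.51.100.0/24 ~all",
    "_b.mail.example": "v=spf1 a:out.mail.example exists:%{i}.bl.mail.example ~all",
    "_spf.crm.example": "v=spf1 include:_n1.crm.example include:_n2.crm.example include:_n3.crm.example ~all",
    "_n1.crm.example": "v=spf1 mx a ~all",
    "_n2.crm.example": "v=spf1 a:relay.crm.example ~all",
    "_n3.crm.example": "v=spf1 ip6:2001:db8::/32 ~all",
}

def counted_terms(record):
    """Yield (name, target) for each term in one record that costs a lookup."""
    for term in record.split()[1:]:  # skip the v=spf1 version tag
        m = TERM.match(term)
        if m and m.group(1).lower() in COUNTED:
            yield m.group(1).lower(), m.group(2)

def cost(name, target, zone, path):
    """One lookup for the term itself, plus whatever a nested record adds."""
    if name in ("include", "redirect") and target:
        return 1 + count_lookups(target.lower(), zone, path)
    return 1

def count_lookups(domain, zone, path=()):
    """Worst-case lookup count for a domain, nested records included."""
    if domain in path:  # a record that includes itself, directly or indirectly
        raise ValueError("include loop through " + domain)
    record = zone.get(domain, "")  # simplification: a missing record adds nothing
    return sum(cost(n, t, zone, path + (domain,)) for n, t in counted_terms(record))

def breakdown(domain, zone):
    """Total cost of each top-level term, to show which sender uses the budget."""
    return {f"{n}:{t}" if t else n: cost(n, t, zone, (domain,))
            for n, t in counted_terms(zone[domain])}

def verdict(domain, zone):
    n = count_lookups(domain, zone)
    return ("permerror" if n > LIMIT else "ok"), n

if __name__ == "__main__":
    print(verdict("example.com", ZONE), breakdown("example.com", ZONE))
```

The breakdown is the practical part: it shows which include is responsible for most of the budget, which is where flattening or removing an unused sender pays off.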
What does “-all”, “~all”, “+all”, “?all” mean in SPF?
These define how strict your policy is:
- "-all" : Fail all unauthorized senders (recommended for strict policies)
- "~all" : Soft fail (mark as suspicious but allow delivery)
- "?all" : Neutral (no opinion; generally not useful)
- "+all" : Pass everything (useless in practice; defeats SPF’s purpose; never use it)
What are the limitations of SPF?
SPF breaks when emails are forwarded, because the forwarding server becomes the new sender and fails the SPF check against your domain. It also doesn't protect the "From" header that users actually see, only the envelope sender. This is why SPF works best alongside DKIM for message integrity and DMARC for policy enforcement and reporting. SPF records can also become complex and hit the 10 lookup limit when using multiple email services.