SPF Record Checker
Validate SPF records, test email authentication, prevent spoofing, and improve email deliverability. Essential for email security and ensuring your messages reach the inbox.
Check SPF Record
💡 SPF Quick Guide
• v=spf1 must be the first part of every SPF record
• ~all is recommended for most domains (soft fail)
• include: mechanisms count towards the 10 DNS lookup limit
• Multiple SPF records cause delivery failures
• Regular testing helps maintain email deliverability
What We Validate
🔍 Record Discovery
Find SPF records in DNS TXT records and check for multiple or missing records.
✅ Syntax Validation
Verify proper SPF syntax, mechanisms, qualifiers, and overall record structure.
📊 DNS Lookup Count
Check for the 10 DNS lookup limit to prevent performance issues and failures.
🛡️ Security Analysis
Analyze policy strength, identify security risks, and provide recommendations.
SPF Qualifiers
-all (Hard Fail)
Reject emails from unauthorized servers. Strongest security, may cause delivery issues.
~all (Soft Fail) - Recommended
Mark unauthorized emails as suspicious. Good balance of security and deliverability.
?all (Neutral)
No policy for unauthorized servers. Minimal security benefit.
+all (Pass All) - Not Recommended
Allow all servers to send email. Provides no protection against spoofing.
Common SPF Record Examples
Basic Configuration
Allows mail servers listed in MX records to send email. Simple and common setup.
With Specific IPs
Allows specific IP address and MX servers. Useful for dedicated mail servers.
Third-party Services
Includes SPF records from third-party email services like Google Workspace or Mailchimp.
Complex Setup
Comprehensive setup with A records, MX servers, third-party includes, IP ranges, and hard fail.
SPF Mechanisms Reference
| Mechanism | Description | Example |
|---|---|---|
| a | Match domain's A record | a:mail.example.com |
| mx | Match domain's MX records | mx:example.com |
| ip4 | Match IPv4 address or range | ip4:192.168.1.0/24 |
| ip6 | Match IPv6 address or range | ip6:2001:db8::/32 |
| include | Include another SPF record | include:_spf.google.com |
| exists | Check if domain exists | exists:%{ir}.example.com |
Frequently Asked Questions
What is an SPF record?
SPF (Sender Policy Framework) is an email authentication method that specifies which mail servers are authorized to send email for your domain. It helps prevent email spoofing and improves deliverability.
Why do I need SPF records?
SPF records prevent spammers from forging your domain in email headers, improve email deliverability, reduce the chance of your emails being marked as spam, and help protect your domain reputation.
What does v=spf1 mean?
v=spf1 indicates the SPF version. All SPF records must start with "v=spf1" followed by mechanisms that specify which servers are authorized to send email.
What are SPF mechanisms?
SPF mechanisms define which servers can send email: "a" (domain A record), "mx" (MX servers), "include:" (other SPF records), "ip4:/ip6:" (specific IPs), and qualifiers like ~all or -all.
What does ~all vs -all mean?
~all (soft fail) suggests emails from other servers are suspicious but allows delivery. -all (hard fail) rejects emails from unauthorized servers. ?all is neutral, +all allows all servers (not recommended).
Why is my SPF record invalid?
Common issues: missing v=spf1, too many DNS lookups (>10), syntax errors, multiple SPF records, missing final qualifier (~all/-all), or including non-existent domains.