Web / DNS Tools

SPF Record Checker

Validate and analyze your domain's SPF record to ensure proper email authentication.

Server-assisted public lookup

? No SPF record found

Without an SPF record, spammers can forge emails from your domain. Add a TXT record starting with v=spf1 to your DNS.

SPF record found

Raw SPF Record 

                    


                    
                    

                        

                            Parsed Mechanisms
                        

                        

                            
                        

                    

                


        

    






    

    

        

            

                
Next useful step

                
Related tools

            

            
5 selected

        


        

                        
                01
                
                    Dmarc Checker
                    Continue with a nearby task
                
                
            
                        
                02
                
                    Dns Checker
                    Continue with a nearby task
                
                
            
                        
                03
                
                    Mx Checker
                    Continue with a nearby task
                
                
            
                        
                04
                
                    Ssl Checker
                    Continue with a nearby task
                
                
            
                        
                05
                
                    Whois Lookup
                    Continue with a nearby task
                
                
            
                    

    




    




    
        

        
What is the Spf Checker?

        

            
The SPF Record Checker looks up and parses the Sender Policy Framework (SPF) record for any domain. SPF is a DNS-based email authentication standard that lets domain owners declare which mail servers are authorized to send email on behalf of their domain. Receiving mail servers check SPF to verify that incoming email genuinely originated from an authorized source not a spammer or phisher impersonating the domain. An SPF record is published as a DNS TXT record and contains a list of mechanisms IP ranges, hostnames, and include directives that define the authorized senders. Without an SPF record, anyone can forge emails that appear to come from your domain.

            
        

    

       
        

        
How to use the Spf Checker

        

            
Enter your domain name and click Check SPF. The tool looks up your domain's DNS TXT records and searches for one starting with v=spf1. If found, it displays the raw record text and a visual breakdown of every mechanism and modifier in the record. Review the parsed mechanisms panel. Green tokens are -all hard-fail indicators good for security. Yellow tokens are ~all soft-fail weaker but acceptable during setup. Red tokens are +all this means any server may send as your domain, which is dangerous and should never be used. If the tool reports no SPF record, you need to add one.

        

    

     

    
        

        
Frequently asked questions

                        

            
            

                SPF (Sender Policy Framework) is an email authentication method published as a DNS TXT record. It specifies which mail servers are authorized to send email on behalf of your domain. Receiving servers check SPF to verify the sender is legitimate and not a forged address. Domains without SPF are easier targets for spoofing and phishing.
            

        

                        

            
            

                "-all" (hard fail) instructs receiving servers to reject email from senders not listed in the SPF record. "~all" (soft fail) marks unlisted senders as suspicious but still delivers the email, usually to spam. "+all" means any server may send this is extremely dangerous. "?all" is neutral. For best security, use "-all" once you have verified all your sending sources are listed.
            

        

                        

            
            

                No you must have exactly one SPF record per domain. Having multiple TXT records starting with "v=spf1" causes SPF validation to fail with a "permerror," meaning all email from your domain may fail authentication. If you use multiple email providers, combine all their mechanisms into a single SPF record using "include:" directives.
            

        

                        

            
            

                SPF allows a maximum of 10 DNS lookups when resolving mechanisms like "include:", "a", "mx", and "redirect". Exceeding this limit causes a "permerror," which many receiving servers treat as an SPF failure. If your record has many "include:" directives, use an SPF flattening service to convert them to IP ranges, which do not count against the lookup limit.
            

        

                        

            
            

                SPF alone is not sufficient. SPF only protects the envelope sender (the Return-Path header), not the From header that users see. Attackers can still forge the visible From address even if SPF passes. DMARC, combined with SPF and DKIM, provides alignment checks that protect the From header. Implementing all three SPF, DKIM, and DMARC gives comprehensive protection.