SPF Record Checker

Validate your SPF configuration and ensure proper email authentication

shield

FULL WIZARD

Configure all protocols in one flow

SPF, DKIM, DMARC, and BIMI -- guided setup in one session.

arrow_forward START WIZARD

About SPF

SPF (Sender Policy Framework) is a critical email authentication protocol that helps protect your domain from spoofing and improves email deliverability. By publishing an SPF record in your DNS, you explicitly tell receiving mail servers which IP addresses and mail servers are authorized to send email on behalf of your domain.

When a receiving server gets an email claiming to be from your domain, it checks your SPF record to verify the sender's IP address is authorized. This helps prevent spammers and phishers from impersonating your domain. Major email providers like Gmail, Outlook, and Yahoo all check SPF records and may reject or mark as spam any emails that fail SPF authentication.

A properly configured SPF record is essential for maintaining good email reputation and ensuring your legitimate emails reach the inbox. Use this tool to validate your SPF record for syntax errors, DNS lookup limits, and configuration issues.

Frequently Asked Questions

What is an SPF record?

SPF (Sender Policy Framework) is a DNS TXT record that specifies which mail servers are authorized to send email on behalf of your domain. It helps prevent email spoofing by allowing receiving servers to verify the sender.

Why does my SPF record have too many DNS lookups?

SPF records are limited to 10 DNS lookups per RFC 7208. Each 'include:', 'a', 'mx', 'ptr', and 'redirect' mechanism counts as a lookup. Exceeding 10 causes a PermError, meaning your SPF authentication will fail.

What is the difference between ~all and -all in SPF?

~all (soft fail) marks unauthorized emails as suspicious but still delivers them. -all (hard fail) instructs receivers to reject unauthorized emails. Use ~all during initial setup and testing, then switch to -all once you have confirmed all legitimate senders are listed.

How do I fix SPF authentication failures?

Check your SPF record syntax with this tool, ensure all sending services are included, keep DNS lookup count under 10, and allow 5-30 minutes for DNS propagation after changes.