SPF survey is a process where an SPF record is diagnosed and validated for its efficacy and correctness. This survey includes looking into the queried domain name, displaying the SPF record (if found), and then running a number of SPF validation tests against the record.
The process is undertaken to highlight errors found in the record as it impacts DMARC compliance and email deliverability while also keeping phishers and scammers at bay.
SPF Survey: See How Your SPF Record is Used
SPF survey is a diagnosis that produces a graphical representation of SPF records for a specific domain. You can perform the following activities if you use a free survey SPF for your official domain.
- Verify if your SPF record is published correctly.
- Check and update the list of authorized IP addresses allowed to send emails using your domain.
- Evaluate the traffic coming from your domain’s SPF entries.
- Avert SPF record formatting mistakes, as these can create issues in delivering emails to intended recipients.
- Find out discrepancies in your pre-published SPF record.
- The SPF survey lets you check if your senders are sending SPF-authenticated messages properly or if you still need to train them.
What Configurations Can You Make During an SPF Survey?
Once you reach the ‘Record Analysis’ page, you can see SPF record details specifying DMARC information. This is where you’ll see all the active SPF record entries. You can see the entries currently in use and those not in use. You should filter them to avoid cluttering, as unused and unnecessary SPF lookups give a larger surface area to attack. SPF survey tools also help you keep your SPF records decluttered and stay under the 10 DNS lookup limit.
This feature gives you credible feedback on domains for which you have received DMARC reports in the last 7 days. However, in certain situations, a seven-day period is not enough to recommend whether an IP range should be removed. In this case, you need to check back on it later while performing another SPF survey. This most probably occurs due to a lack of traffic.
Common SPF Errors Highlighted During a Free Survey SPF
SPF users perform regular SPF surveys to ensure their record is error-free and fully compliant with the prerequisites. If your record isn’t validated, it will likely fail to propagate or have configuration issues. Let’s see what these common errors are and how you can troubleshoot them.
Multiple SPF Records
SPF survey will see a failed validation result if there is more than one SPF entry for each domain. In this case, the recipient’s mailbox declines both, which directly impacts the email deliverability rate.
You should delete SPF entries that aren’t in use anymore. There would be some services that you no longer use but still has an SPF entry specified in your DNS zone. Such records are eligible for removal during a free survey SPF.
If you can’t remove obsolete records, you can merge two or more records into one. While merging records, ensure the entry begins with the ‘v=spf1’ and ends with the “~all” parameter.
Too Many DNS Lookups
SPF records are limited to 10 “include” lookups per record. Every instance of parameters “include”, “a”, “mx”, “ptr”, “exists”, and “redirect” will generate one lookup. If any domain has an “include” containing other instances of the same parameters, they are also counted towards the 10 lookup limit.
So, if your record exceeds this limit, the SPF survey will highlight failed validation results.
To resolve this, you need to get rid of obsolete “includes” and “references” to domains. You can use subdomains instead. But if your subdomain is verified, emails are to be sent from that only.
Syntax Error
You need to take care that the SPF record check is properly done. Each SPF record must:
Start with “v=spf1”
End with “~all”, “-all” or “?all”
And does not have multiple “all” or “v=spf1” parts in the entry (eg. v=spf1 a mx include:_spf.elasticemail.com ~all ~all )
Additional + in include
In some scenarios, the recipient’s server fails SPF record authentication when the “include” is prefixed with a “+” sign as the default parameter for the mechanism is a pass.
The ‘+’ sign also denotes pass, thus creating redundancy. So, you should remove this sign from your SPF records.
Typos
Typos are a common mistake. So, just double-check everything you’ve typed.
Still Facing A Problem?
If you are still facing a problem, you can use our free SPF survey tool: SPF record checker. It’ll instantly alert you regarding these errors so that you can make the necessary modifications to enjoy an error-free SPF.
You can leverage our SPF record checker to perform an SPF record lookup for your domain in the following way:
- Start by entering your domain name in the box provided.
- Click on the “Lookup” button, and you’re done!
Our SPF checker is convenient and easy to use for instant SPF record lookups on the go.
- PowerDMARC in 2024: A Year in Review - December 24, 2024
- Travel Cybersecurity Threats and How to Stay Protected - December 18, 2024
- Cybersecurity Best Practices for Digital Nomads in Japan - December 17, 2024