Free SPF Record Checker

Lookup and validate your SPF record.

SPF Record Checker

Use this tool to lookup and validate your SPF record.
Please enter a valid domain name, without http:// prefix

SPF Status

Record Checks

Valid SPF record
Failure Mode
DNS Lookups below 10 /10
Void Lookups below 2 /2
Error Details
Warning

Tags Found

Tag Value Description
v v = spf1 Record version
+ip4 Allow the listed IPv4 addresses
+ip6 Allow the listed IPv6 addresses
+include Check the SPF record of the listed domain for a matching IP address
+a Allow the IP addresses listed in the domain’s A record
+mx Allow the IP addresses of the domain’s MX hosts
+ptr Allow the IP addresses of the domain’s PTR hosts
+exist SPF passes if an A record lookup of the listed domain returns a valid result
+redirected Replace the current SPF record with that of the listed domain
-/~/? Apply a hardfail/softail/neutral result if no other mechanisms match
Any text as spf content
This is any error

Get your SPF record validated in seconds with PowerDMARC’s SPF record checker today!

Start 15-day trial Book a demo

What is an SPF Record?

SPF  (Sender Policy Framework) is an email authentication protocol that allows recipients to distinguish between the domain owner’s authorized list of senders, and unauthorized emails. Authenticating your email using SPF is the first step toward preventing domain name abuse and impersonation. To configure SPF you have to set up a DNS record. Pairing your SPF record with other email authentication DNS records can increase its efficacy against cyberattacks. 

Our free SPF checker tool helps you look up and check for errors in your SPF record. SPF checks help you to verify your domain’s SPF (Sender Policy Framework) configuration.

What is an SPF Lookup Used For?

Our SPF lookup tool can instantly check your SPF DNS record. It can be used to:

  • Verify your SPF record validity

  • Check your record syntax for potential errors

  • Verify whether you are exceeding the 10 DNS lookup limit

  • Confirm if your record is exceeding the SPF void limit

SPF Record Examples

1. Basic SPF record: v=SPF1 mx -all

Explanation:

mx: Allows all the mail servers listed in the domain’s MX records to send email.

2. SPF record allowing specific IP addresses: v=SPF1 ip4:192.0.2.1 -all

Explanation:

ip4:192.0.2.1: Allows the server with the IP address 192.0.2.1 to send email.

ip4:198.51.100.1: Allows the server with the IP address 198.51.100.1 to send email.

3. SPF record including another domain’s SPF record: v=SPF1 include:_SPF.example.com -all

Explanation:

include:_SPF.example.com: Includes the SPF record of example.com. This means any servers authorized to send mail for example.com are also authorized for this domain.

How Our SPF Checker Works

Our SPF Checker Tool works by:

1. Retrieving the domain’s SPF record from DNS.

2. Parsing the record to understand its rules and mechanisms.

3. Evaluating the sender’s IP address against the SPF record.

4. Determining the authentication result (pass, fail, softfail, neutral, or permerror)…

Our SPF lookup tool performs the following functions:

1. Checks the existence of your published SPF record

2. Detects Multiple SPF Lookups

3. Evaluates SPF Record Validity

4. Validates IP Addresses and Domains

 
PreviousNext

1. Checks the Existence of Your Published SPF Record

Our SPF check tool will evaluate whether you have an existing SPF record published on your DNS. It fetches the SPF record from the DNS of the domain you want to check and subsequently parses the contents of the SPF record to understand the rules and mechanisms defined within it. These mechanisms specify which IP addresses and mail servers are allowed to send emails on behalf of the domain.

To find the existence of your DNS record, our SPF record check tool:

Performs an SPF DNS query

The SPF checker tool starts a DNS lookup for the target domain. To query the domain’s associated DNS records, “TXT” is appended to the domain name.

Initiates SPF Record Retrieval

The DNS server will respond with the SPF record as a text (TXT) record if the domain has an SPF record. The “v=SPF1” declaration is often followed by several mechanisms, qualifiers, and perhaps modifiers in an SPF record.

2. Detects Multiple SPF Lookups

Our SPF checker tool can detect the SPF lookup limit exceeding by monitoring the number of DNS queries made during the SPF record validation process. If it does, it triggers a limit exceeding warning or error.

Here’s why detecting the SPF lookup limit exceeding is useful:

Preventing SPF Record Oversights

SPF records have a default lookup limit (currently 10) to prevent excessive DNS queries during SPF record validation. Exceeding this limit can lead to incomplete SPF record processing, potentially allowing unauthorized senders to pass authentication checks. By detecting limit exceeding, our tool ensures that the SPF record is not overlooked, and all relevant mechanisms are considered.

Security and Spoofing Mitigation

Our SPF lookup tool helps ensure that SPF records are correctly configured and that all authorized sending servers are accounted for. This enhances security by reducing the risk of spoofed emails.

Compliance with Standards

The SPF record lookup tool ensures that the sending domain’s SPF record complies with this standard. Non-compliance might lead to emails being treated with suspicion or rejected by recipient servers.

Performance Optimization

By validating the DNS query limit, the tool helps optimize the performance of the email authentication process and minimizes the impact on DNS infrastructure.

Configuration Feedback

If the SPF validator tool detects a limit exceeding issue, it can provide feedback to the domain owner or administrator. This feedback can guide them in adjusting their SPF record to stay within the lookup limit

3. Evaluates SPF Record Validity

Our SPF checker tool evaluates the validity of an SPF record by checking various aspects of the record’s syntax and content.

This includes:

Validation of Character Set

The SPF record lookup tool verifies that the characters used in the SPF record fall within the permitted character set specified in the SPF standard (RFC 7208). A syntax error can be raised for any use of unsupported special characters or incorrect characters.

Length Restrictions

SPF records are limited to a maximum of 255 characters. The tool verifies that the length of the retrieved SPF record does not go over this cap. Longer records need to be shortened and may be flagged as mistakes.

Mechanism and Modifier Syntax

The tool parses the SPF record and analyses each mechanism and modifier’s syntax. It makes sure they follow the SPF record syntax standards by checking for proper usage and structure. For instance:

  • Mechanisms with the letters “a,” “mx,” “ip4”, and “include” should be formatted properly.
  • The terms “redirect” and “exp” should relate to legitimate domains.

Based on these the SPF checker tool highlights error locations so that it can be fixed swiftly and easily.

4. Validates IP Addresses and Domains

Our SPF test tool verifies that IP addresses and domain names specified within mechanisms are correctly formatted and resolved to valid destinations. For example, if an “include” mechanism points to another domain, the SPF lookup tool also verifies whether that domain has a valid SPF record.

IP Address Examination

Each IP address listed in the SPF record is examined by our SPF tester tool to make sure it is structured correctly. For IPv4 addresses, the format should be “ip4:192.168.1.1,” and for IPv6 addresses, “ip6:2001:0db8::1.

Aligned with Domain Naming Formats

The tool ensures that domain names supplied in tags like “a,” “mx,” “include,” and “ptr” are properly formatted and adhere to domain naming conventions.

Quick Feedback on Error Fixes

To assist domain managers in fixing the SPF record, the tool may give feedback or error messages if it runs into syntax errors or problems with IP addresses or domains. This in turn ensures that the SPF record is accurately configured by the domain owner, and permitted senders are correctly authorized during the authentication process – helping improve email deliverability.

How Does SPF Impact Email Deliverability?

SPF can have a significant impact on email deliverability, hence it needs to be done right! This is why SPF checker tools play a crucial role in maintaining the proper functioning of Sender Policy Framework for implemented domains. 

  • SPF aids in spoofing prevention, helping customers trust your brand

  • SPF can reduce email bounce rates and spam complaints

  • It can improve domain reputation

SPF Record Tags Explained 

SPF records are published in the DNS (Domain Name System) and are comprised of several tags that define the syntax of the record. Here’s a breakdown of the commonly used SPF tags:

  • v: This tag specifies the version of SPF being used. For SPF version 1, the value is “SPF1”.

  • mx: This tag allows the domain owner to designate the domain’s MX (Mail Exchanger) servers as authorized senders. If the sending server matches one of the MX records for the domain, it is considered legitimate. Default value: current domain.

  • a: This tag permits the sender to verify the IP address of the sender’s domain name. Default value: current domain.

  • ptr: This tag checks if the reverse DNS (PTR) record of the sending server resolves back to the original domain name. It’s not commonly used or recommended as it is unreliable, slow, and places load on .arpa name servers (ref: RFC document)

  • IP4/IP6: This tag specifies the authorized IPv4 and IPv6 addresses that are allowed to send emails on behalf of the sender’s domain.

  • include: This tag allows the inclusion of SPF records from another domain. This is useful for domains that use third-party email services, as they can include the SPF records of those services in their own SPF record.

  • all: This tag specifies the default action for emails that do not match any of the preceding mechanisms. It can have 4 possible values: +, ~, -, ? and it is a mandatory tag that is placed at the end of every SPF record. 

    Here’s an example of an SPF record:

    v=SPF1 include:_SPF.example.com mx -all

    In this example:

    v=SPF1 indicates SPF version 1.

    include:_SPF.example.com includes SPF records from _SPF.example.com.

    mx permits the domain’s MX servers to send email.

    -all specifies that any emails not matching the authorized senders should be rejected.

Why You Need to Test SPF Records

An SPF checker tool can reduce the chances of your legitimate email messages landing in the spam folder, improve your overall email security, and filter out fraudulent emails. Here are the various benefits of frequent SPF record checks:

  • Verify the authenticity of email communications

  • Ensure that your record stays under the DNS lookup limit

  • Comply with Google’s latest bulk email senders’ requirements

  • Bypass spam filters more easily

  • Prevent phishing attacks and the risk of email-based attacks

  • Detect syntactical errors with this SPF diagnostic tool

  • Authorize the range of IP addresses for your legitimate sources, email clients, email service providers, and third-party email service providers

SPF checker

Common SPF Configuration Mistakes

SPF (Sender Policy Framework) is a powerful email authentication method to prevent email fraud. However, domain owners often make mistakes during the configuration process that can undermine its effectiveness. Here are some common errors to avoid:

  • Misalignment with Third-Party Vendors: Domain owners do not align their sending sources for third-party email vendors by following the sender alignment guidelines of their domain registrar
  • Invalid or Broken SPF Records: Non-authorized sources get a free pass to send emails from your domain due to invalid or broken SPF records
  • Lack of Complementary Protocols: Senders do not set up complementary email authentication protocols like DKIM (DomainKeys Identified Mail) and DMARC policies (Domain-based Message Authentication Reporting and Conformance) to improve their domain’s security further 
  • Ignoring Best Practices: Senders fail to follow optimal email deliverability practices recommended by email experts and instead rely only on traditional anti-spam filters and built-in email gateways

How To Troubleshoot SPF Authentication Failures?

To troubleshoot SPF Authentication Failures

1. Use our SPF checker to find syntax and configuration errors

2. Resolve the errors by working with your DNS provider to edit or update your record 

3. Monitor your DMARC reports to identify SPF-failing sources 

4. Block or report malicious sources impersonating your domain name 

5. Use an SPF optimization tool to always stay under SPF DNS lookup limitations

SPF checker

How to Make Sure Your SPF Record is Valid?

SPF checker
  1. Instead of relying on DIY methods that are prone to human errors, use an SPF record generator tool to create your record automatically. 
  2. List down all your sending sources to add as authorized senders in your SPF record. Make sure you are updating this list from time to time to remove any redundant IP addresses or include that can add more lookups. 
  3. Use a hosted SPF service that will make SPF record management easier. This will allow you to monitor and remove netblocks, keep track of your included domains, and comply with SPF limits.
  4. Make sure your SPF record does not exceed the 10 DNS lookup limit. This can be achieved with the help of an SPF flattening service or SPF macros – though we recommend the latter. 
  5. Avoid using the SPF PTR mechanism. As PTR records resolve an IP address to a domain name, it slows down the DNS lookup process. It is also considered to be highly unreliable as per section 5.5 of RFC 7208.
  6. Make sure you are only publishing 1 SPF record per domain. Publishing multiple SPF records can invalidate your SPF configuration.

More Email Authentication Protocols to Explore

  • DKIM

    If you want to ensure your messages cannot be tampered with before they are delivered, DKIM can help! DKIM one-ups SPF by even surviving email forwarding scenarios.

  • DMARC

    If you want to stop an authorized or suspicious email from being delivered to your client, a DMARC policy can help. This domain-based message authentication protocol allows you to define delivery policies for emails that fail authentication, along with reporting capabilities.

  • BIMI

    Visual logos are the thing of the future! BIMI helps you display your brand logo in your receiver’s inbox which gives a professional look and feel to your emails. It also increases brand recall and promotes trust.

  • MTA-STS

    MTA-STS helps you as an email receiver, combat man-in-the-middle attacks. It forces messages to get transmitted over a TLS-encrypted SMTP channel, to prevent attackers in the middle from tampering with the connection or reading your emails.

SPF checker

SPF Record Check FAQs

Check our comprehensive database of popular SPF record checker questions we come across often on our support forum.

Is SPF record check free? How often should I perform SPF checks? Why do I need SPF? What are my next steps? How To Check SPF Records In Office 365? What to do if SPF checks fail? How To Improve SPF Management With Macros? Do I need an SPF Automation Tool for SPF Record Management? How often should I use the SPF checker tool to monitor and maintain SPF records for my domain? What steps should I take if the SPF checker tool detects errors or inconsistencies in my SPF records? Why choose the PowerDMARC SPF checker, validator and record lookup tool? What Are SPF Best Practices? Why Is SPF Record Optimization Required? What Is The SPF Lookup Limitation? What Happens If You Exceed SPF Lookup Limits? What Is An SPF Permerror? Why Is SPF Permerror Harmful For You? Can SPF checks produce false positives or false negatives?
Is SPF record check free?
With PowerDMARC, SPF record checks are completely free of charge no matter how many times you need to check SPF compliances and for how many different domains. However, lookups are performed 1 domain at a time.
How often should I perform SPF checks?
Our email authentication experts recommend domain owners to perform SPF checks once every month to ensure that record validity is maintained.
Why do I need SPF?
You need SPF to enhance email security and prevent email spoofing as it allows receiving mail servers to check whether the incoming email is sent from an authorized source.
What are my next steps?
Along with SPF, it is important to set up DMARC and DKIM for well-rounded protection against cyber attacks and reduce your DNS lookups with an SPF flattening tool.
How To Check SPF Records In Office 365?
To check the SPF record in Office 365, follow these steps:
  1. Log in to your Office 365 Admin Center
  2. Go to Settings > Domain
  3. Select your domain name and click on DNS records
  4. Check if your TXT status is ok, and review your SPF record from the list of DNS records.
What To Do If SPF Checks Fail?
Failing SPF checks in email authentication can lead to several consequences:
  • Increased likelihood of emails being marked as spam or rejected by recipient servers.
  • Diminished email deliverability, affecting communication with clients, partners, or customers.
  • Higher risk of phishing attacks succeeding, as spoofed emails may appear legitimate to recipients.
  • Damage to the sender's reputation, potentially leading to being blacklisted by email service providers.
  • Negative impact on brand reputation due to compromised email security and potential misuse of the sender's domain.
How To Improve SPF Management With Macros?
At PowerDMARC, we do more than just offer SPF flattening services. While our platform fully supports automatic and dynamic flattening methods for SPF, we also offer an alternative (and better) solution. In several cases, traditional as well as automatic SPF flattening methods fall short in optimizing your record effectively. Hence, we encourage using Macros.

Our platform supports SPF Macros integration which optimizes your record to stay under SPF limits for both lookups and character length! Macros are also effective in far more complex situations in comparison to flattening. This ensures an optimal and error-free SPF experience.
Do I need an SPF Automation Tool for SPF Record Management?
While using an SPF automation tool for SPF record management is not mandatory - it is recommended. Automation tools can ensure your record is error-free, and provide easy and instant optimization through flattening or preferably Macros integration. It saves organizations a lot of time, money, and effort.
How Often Should I Use The SPF Checker Tool?
It's recommended to periodically monitor and maintain SPF records for your domain, especially after any changes to your email infrastructure or domain settings.

A good practice is to check SPF records whenever you make updates to your DNS records, email servers, or sender policies. Additionally, regular checks, such as every few months or after significant changes, can help ensure the continued effectiveness of your SPF configuration.
What Steps To Take If The SPF Checker Tool Detects Errors In Your SPF Record?
If the SPF checker tool identifies errors or inconsistencies in your SPF records, consider the following steps:
  • Review the SPF record syntax and configuration for accuracy, ensuring that it includes all authorized email sources.
  • Correct any misconfigurations, such as missing or incorrect IP addresses, or mechanisms.
  • Update DNS records with the revised SPF information and allow time for DNS propagation.
  • Test the revised SPF record using the SPF checker tool to verify its accuracy.
  • Monitor email deliverability and SPF authentication status to ensure that the issues have been resolved effectively through DMARC reports.
  • Consider consulting with our email security experts for assistance in troubleshooting and optimizing SPF configurations. Contact us now!
Why Choose The PowerDMARC SPF Checker, Validator, And Record Lookup Tool?
While SPF records can be looked up manually, using PowerDMARC’s SPF validation tool is a no-brainer. We do more than just a routine SPF lookup. We provide an in-depth analysis of your SPF record syntax and DNS configuration. Our SPF lookup tool provides an overview as well as highlights errors in your SPF record.

This allows you to easily edit your SPF record and fix your errors, saving you a lot of time. As it is free, there are no limits to the number of times you can use our tool to check your SPF record!
What Are SPF Best Practices?
To help keep your SPF record functioning properly, you can follow the tips given below:
  • Make sure you are following RFC-specified SPF restrictions. The details of these limitations have been explained more in the next question.
  • Make sure you are authorizing all your email-sending sources, including third-party vendors. Failing to authorize email vendors and service providers you use to frequently send emails can lead to serious deliverability issues. Generally, you can find configuration guides in the support section on each of your vendor websites. Alternatively, you can check out our FAQs and blogs to find steps to configure SPF records for most vendors.
  • Avoid using SPF mechanisms like the “PTR”. It is widely considered unreliable and slows down the authentication process. It also introduces more complexities in your SPF record.
  • White SPF “-all” and “~all” can both be configured as a part of best SPF practices, in case of safe SMTP relaying we recommend using the softfail mechanism (~all). On a hardfail policy, relayed SMTP emails will fail SPF, leading to potential deliverability issues.
Why Is SPF Record Optimization Required?
There are several reasons why SPF record optimization may come in handy. Below are some of the reasons:

Outdated SPF records
Your SPF record may be outdated. In this sense, you may have expanded your emailing efforts by onboarding other email service providers or simply switched from your current vendor to a new one. Your DNS doesn’t know this! Hence you need to access your DNS to edit your SPF record and include these new sending sources.

Extremely long SPF records
If your SPF record is too long, so much so that it exceeds the string character limit, then optimization becomes important. You need to shorten your record to stay under the character length limit so SPF functions properly.

SPF records requiring more than 10 lookups
Oftentimes your SPF record may need more than 10 DNS queries to look up and verify sending sources. This isn’t permitted and can lead to SPF permerror. Hence you may need to optimize your record to reduce complexities and stay under the permitted lookup limit.
What Is The SPF Lookup Limitation?
The Internet Engineering Task Force defines a set limit for the number of permitted lookups during an SPF verification session. The maximum number is 10. If an SPF record exceeds 10 DNS lookups, SPF breaks and returns a permerror result.

Moreover, IETF also limits the number of void lookups (DNS lookups that return an empty response) to a maximum of 2.
What Happens If You Exceed SPF Lookup Limits?
If your record exceeds the limit for SPF lookups, your record will break and get invalidated. You will also receive a permerror (permanent error) result for the verification. This may often be treated as an SPF fail by receiving servers and can potentially lead to email deliverability issues.
What Is An SPF Permerror?
SPF permerror denotes a permanent error in your SPF record that is typically caused when the SPF record breaks due to errors in your record, missing SPF record, or exceeding the limitations defined for SPF.
Why Is SPF Permerror Harmful For You?
SPF permerror is a permanent error which means that a retrial or a timeout will not fix it! When you receive an SPF permerror result, it is an indication of SPF failure. In several cases, emails failing SPF can be rejected or flagged as spam or potentially suspicious.

This takes a toll on your brand reputation, your credibility, your email deliverability, and in turn your email marketing efforts.
Can SPF Checks Produce False Positives Or False Negatives?
SPF checks may incorrectly flag legitimate emails as spam or unauthorized if the sender's SPF record is misconfigured or if the email is forwarded through intermediary servers not listed in the SPF record.

Forwarding scenarios can present challenges for SPF because forwarding often involves relaying emails through intermediary servers that may not be listed in the original sender's SPF record. This can lead to SPF failures if the forwarding server's IP address is not authorized in the SPF record.

Include Mechanism: SPF allows domain owners to authorize additional servers to send emails on their behalf using the "include" mechanism. This mechanism allows a domain owner to delegate email-sending responsibilities to third-party services or other domains. By including these authorized servers in the SPF record, forwarding scenarios involving these servers can be properly authenticated.

Despite this, SPF does have limitations in handling forwarding scenarios. For instance, SPF may not work reliably in scenarios involving multiple forwarders or complex forwarding chains. Additionally, SPF does not inherently authenticate the content of emails, so even authenticated forwarded emails could still be phishing attempts or contain malicious content. Therefore, it's essential to complement SPF with other email authentication mechanisms like DKIM and DMARC to enhance email security comprehensively.

What Our Clients & Partners Say About Us

PowerDMARC is a highly reliable and effective domain security platform with a user-friendly interface.

Belgin Abraham (CEO, Channel Next)

Read more

“Very easy and intuitive multi-tenant management. Flexible partner program with easy to work with terms and pricing. Overall a fantastic company, product, and MSP vendor.”

Bill Barnett (Founder and President at ClearView IT)

Read more

“PowerDMARC has made enabling DKIM and DMARC settings, and monitoring results very easy for my domain.”

Mr. Toshikazu Watanabe (Domain Owner)

Read more