Free SPF Record Checker

Instantly verify SPF record for any domain

Enter a domain name below to check its SPF record and verify email authentication setup.

What is SPF?SPF Setup GuideSPF Record TagsSPF Best PracticesFAQEmail Checker

What is SPF?

Sender Policy Framework (SPF) is an email authentication method that helps prevent email spoofing by verifying sender IP addresses.

Email Authentication

SPF validates that emails are sent from authorized IP addresses for a domain

Prevent Spoofing

Helps protect your domain from being used in phishing and spam attacks

Improve Delivery

Properly configured SPF records improve email deliverability rates

Why Check SPF Records?

Regular SPF monitoring ensures your email authentication is working correctly and your domain is protected.

Verify Configuration

Ensure your SPF record is published and syntactically correct

Prevent Spoofing

Confirm your domain is protected against email spoofing attacks

Improve Deliverability

Valid SPF records help emails reach the inbox instead of spam

Troubleshoot Issues

Identify and resolve email authentication problems quickly

Understanding SPF Result Fields

Learn what each field in the SPF check results means and how to interpret them.
queried_domain

The domain that was checked for SPF records

found

Whether an SPF record was found (true/false)

record

The raw SPF record text as published in DNS

parsed

Parsed components of the SPF record for analysis

records_checked

Number of DNS TXT records examined during the lookup

SPF Setup Guide

Step-by-step instructions to create and publish SPF records for your domain.
Step 1

Identify Email Sources

List all services and servers that send email for your domain

  • Your web server or email server IP addresses
  • Third-party services like Google Workspace, Office 365
  • Marketing platforms like MailChimp, SendGrid
  • CRM systems and transactional email services
  • Any other authorized email senders
Step 2

Create SPF Record

Build your SPF record with proper syntax and mechanisms

  • Start with 'v=spf1' version identifier
  • Add 'ip4:' or 'ip6:' for specific IP addresses
  • Use 'include:' for third-party services
  • Add 'a' or 'mx' mechanisms if needed
  • End with '~all' (soft fail) or '-all' (hard fail)
Step 3

Publish DNS Record

Add the SPF record as a TXT record in your DNS

  • Log into your DNS provider or domain registrar
  • Create a new TXT record for your root domain
  • Set the name/host field to '@' or leave blank
  • Paste your SPF record as the value
  • Save the record and wait for DNS propagation
Step 4

Test and Verify

Use our SPF checker to verify the record is working correctly

  • Wait 15-30 minutes for DNS propagation
  • Use our SPF checker tool to verify publication
  • Send test emails to check authentication
  • Monitor email headers for SPF results
  • Update the record if issues are found

SPF Record Mechanisms Reference

Complete reference of SPF mechanisms and their usage in email authentication.
v=spf1

Version

Required

Specifies the SPF version. Must always be 'spf1' and appear first

Example:

v=spf1

Required at the beginning of every SPF record

ip4:

IPv4 Address

Authorizes a specific IPv4 address or CIDR range to send email

Example:

ip4:192.168.1.1 or ip4:192.168.1.0/24

Use for specific server IP addresses

ip6:

IPv6 Address

Authorizes a specific IPv6 address or range to send email

Example:

ip6:2001:db8::1 or ip6:2001:db8::/32

Use for IPv6 server addresses

a

A Record

Authorizes the A record IP addresses of the domain to send email

Example:

a or a:mail.example.com

Includes domain's A record IPs

mx

MX Record

Authorizes the MX record IP addresses of the domain to send email

Example:

mx or mx:example.com

Includes domain's MX record IPs

include:

Include

Includes the SPF record of another domain

Example:

include:_spf.google.com

Use for third-party email services

exists:

Exists

Passes if the specified domain exists in DNS

Example:

exists:example.com

Advanced mechanism, rarely used

redirect=

Redirect

Redirects SPF processing to another domain's SPF record

Example:

redirect=_spf.example.com

Alternative to include, cannot be used with 'all'

~all

Soft Fail

Soft fail for emails not matching any mechanism (recommended)

Example:

~all

Recommended for most implementations

-all

Hard Fail

Hard fail (reject) for emails not matching any mechanism

Example:

-all

Use only when SPF is fully configured and tested

+all

Pass All

Pass all emails (not recommended for security)

Example:

+all

Provides no protection, avoid using

?all

Neutral

Neutral result for emails not matching any mechanism

Example:

?all

Provides minimal protection

SPF Troubleshooting Guide

Resolve common SPF authentication issues and improve email deliverability with these expert solutions.

Messages failing SPF authentication

Symptoms

  • Legitimate emails being rejected by receiving servers
  • Messages sent to recipients' spam folders
  • SPF authentication failures in email headers

Causes

  • Incomplete SPF record missing authorized senders
  • Incorrect SPF syntax or mechanisms
  • Exceeding 10 DNS lookup limit
  • Missing third-party email service includes

Solutions

  • Verify all email sources are included in SPF record
  • Check SPF syntax and fix any errors
  • Optimize DNS lookups by using specific IP addresses
  • Add include mechanisms for all third-party services

SPF record not found or invalid

Symptoms

  • No SPF entry in authentication results
  • Best guess record warnings in headers
  • DNS resolution errors for SPF lookups

Causes

  • SPF record not published in DNS
  • Incorrect DNS record type or name
  • DNS propagation delays or provider issues
  • Malformed SPF record syntax

Solutions

  • Publish SPF record as TXT record in DNS
  • Verify record name is set correctly (@ or blank)
  • Wait up to 48 hours for DNS propagation
  • Check SPF syntax starts with 'v=spf1'

Message forwarding breaks SPF

Symptoms

  • SPF failures for forwarded emails
  • Legitimate emails marked as spam after forwarding
  • Different SPF results for original vs forwarded messages

Causes

  • Forwarding server changes message envelope
  • Original sender IP not preserved
  • Forwarding service not SPF-aware

Solutions

  • Contact forwarding service about SPF handling
  • Implement DMARC with relaxed alignment
  • Use SRS (Sender Rewriting Scheme) if available
  • Consider alternative forwarding methods

Exceeding DNS lookup limit

Symptoms

  • SPF temperror or permerror results
  • Inconsistent SPF authentication results
  • SPF failures despite correct configuration

Causes

  • Too many include mechanisms in SPF record
  • Nested includes counting toward limit
  • Using 'a' and 'mx' mechanisms excessively

Solutions

  • Replace include mechanisms with specific IP addresses
  • Remove duplicate or unused mechanisms
  • Flatten nested includes where possible
  • Use ip4/ip6 mechanisms instead of a/mx

Understanding SPF Authentication Results

Learn how to interpret SPF results in email headers and troubleshoot authentication issues.
pass

SPF authentication succeeded - the sending IP is authorized

The message was sent from an IP address authorized in the SPF record

Action Required:

No action needed - SPF is working correctly

fail

SPF authentication failed - the sending IP is not authorized

The message was sent from an IP address not listed in the SPF record

Action Required:

Check if sender should be authorized and update SPF record if needed

softfail (~all)

SPF soft failure - sender not authorized but not rejected

The sending IP doesn't match SPF record but policy is lenient

Action Required:

Monitor for legitimate senders and update SPF record as needed

neutral

SPF neutral result - no explicit policy for the sender

The SPF record doesn't specify whether the sender is authorized

Action Required:

Review SPF record completeness and add missing mechanisms

temperror

Temporary SPF error - DNS lookup issues or timeouts

SPF check couldn't complete due to temporary DNS problems

Action Required:

Check DNS configuration and wait for resolution

permerror

Permanent SPF error - invalid record syntax or format

The SPF record has syntax errors or exceeds lookup limits

Action Required:

Fix SPF record syntax and reduce DNS lookups if needed

none

No SPF record found for the domain

The domain doesn't have an SPF record published

Action Required:

Create and publish an SPF record for the domain

SPF DNS Lookup Optimization

Optimize your SPF record to stay within the 10 DNS lookup limit and improve performance.

Use Specific IP Addresses

Replace 'include:' mechanisms with 'ip4:' or 'ip6:' when possible

Example:

Replace 'include:_spf.example.com' with 'ip4:192.168.1.1'

Benefit:

Reduces DNS lookups and improves SPF check speed

Remove Unused Mechanisms

Audit and remove mechanisms for services no longer used

Example:

Remove 'include:_spf.oldprovider.com' after switching providers

Benefit:

Reduces lookup count and eliminates potential failures

Flatten Nested Includes

Replace nested includes with direct mechanisms when possible

Example:

If included domain only has IP addresses, use those IPs directly

Benefit:

Prevents nested lookups from counting against your limit

Consolidate Mechanisms

Combine multiple mechanisms for the same service

Example:

Use CIDR notation 'ip4:192.168.1.0/24' instead of multiple IPs

Benefit:

Reduces record length and complexity

Monitor Lookup Count

Regularly check your SPF record's DNS lookup count

Example:

Use SPF testing tools to verify you're under the 10 lookup limit

Benefit:

Prevents SPF failures due to exceeded lookup limits

Common SPF Implementation Mistakes

Avoid these frequent pitfalls that can break SPF authentication and harm email deliverability.

Multiple SPF records

Publishing more than one SPF record for the same domain

Consequence:

DNS resolution fails and SPF authentication breaks completely

Solution::

Combine all mechanisms into a single SPF record

Forgetting third-party services

Not including email marketing platforms, CRMs, or other services

Consequence:

Legitimate emails from these services fail SPF and get blocked

Solution::

Audit all email sources and include their SPF mechanisms

Using overly broad IP ranges

Including large shared IP ranges from cloud providers

Consequence:

Allows unauthorized senders to pass SPF authentication

Solution::

Use specific IP addresses or smaller CIDR ranges

Exceeding DNS lookup limit

Having more than 10 DNS lookups in the SPF record

Consequence:

SPF authentication fails with permerror result

Solution::

Optimize record by using IP addresses instead of includes

Incorrect record placement

Publishing SPF record on wrong subdomain or with wrong name

Consequence:

SPF record not found during authentication checks

Solution::

Publish SPF record on root domain with correct DNS name

Using deprecated mechanisms

Including 'ptr' mechanism or other deprecated SPF features

Consequence:

Unreliable authentication and potential security issues

Solution::

Remove deprecated mechanisms and use modern alternatives

SPF Best Practices

Follow these recommendations for effective SPF implementation and maintenance.

Start with Soft Fail

Use '~all' initially to avoid blocking legitimate emails during testing

Keep Records Simple

Avoid overly complex SPF records that are hard to maintain and debug

Monitor DNS Lookups

SPF has a 10 DNS lookup limit; use 'include:' mechanisms efficiently

Regular Testing

Test SPF records regularly, especially after infrastructure changes

Document Changes

Keep records of all authorized email sources and SPF modifications

Use Specific IPs

Prefer 'ip4:' and 'ip6:' over 'a' and 'mx' mechanisms when possible

Avoid Multiple Records

Never publish multiple SPF records; combine all mechanisms into one

Plan for Growth

Design SPF records that can accommodate future email sources

SPF Checker FAQ

Common questions about SPF records and email authentication.

Try Email Validation API for free!

Get started with our email validation API and experience the power of AI-powered email validation.

No credit card required
100 credits free