Validate SPF records and email authentication for any domain
Enter a domain name to check and validate its SPF (Sender Policy Framework) record
SPF (Sender Policy Framework) is an email authentication protocol that helps prevent email spoofing and phishing attacks. It works by allowing domain owners to specify which mail servers are authorized to send emails on behalf of their domain through DNS TXT records.
Our SPF Checker tool validates your SPF records, parses SPF mechanisms, and identifies potential configuration issues that could affect email deliverability or security.
Stop attackers from sending fraudulent emails that appear to come from your domain
Properly configured SPF records increase the likelihood your emails reach the inbox
Verify that emails claiming to be from your domain are actually authorized
Protect your domain's sender reputation and prevent blacklisting
SPF version identifier. All SPF records must start with this.
Authorizes a specific IPv4 address or range (e.g., ip4:192.0.2.0/24)
Authorizes a specific IPv6 address or range (e.g., ip6:2001:db8::/32)
Includes SPF records from another domain (e.g., include:_spf.google.com)
Authorizes the domain's A record IP addresses
Authorizes the domain's MX record IP addresses
Default action for IPs not matching other mechanisms (usually ~all or -all)
Checks reverse DNS (deprecated, not recommended for use)
Explicitly allow the IP. Default qualifier if none specified.
Reject the email. Example: -all (reject all non-matching IPs)
Accept but mark as suspicious. Example: ~all (most common)
No policy statement. Treated as neither pass nor fail.
Always end your SPF record with ~all or -all to define what happens with non-matching IPs
Stay under 10 DNS lookups. Each include, a, mx, and ptr counts toward this limit
Use ip4/ip6 when possible instead of include to reduce DNS lookups
Test your SPF record after any email infrastructure changes
Only have one SPF record per domain. Multiple SPF records will cause failures
Never use +all as it allows anyone to send email as your domain
SPF has a limit of 10 DNS lookups. Each include, a, mx, and ptr mechanism counts. Solution: Replace includes with direct ip4/ip6 addresses or flatten your SPF record.
Having multiple SPF records will cause SPF validation to fail. Solution: Combine all SPF rules into a single TXT record starting with "v=spf1".
SPF records must start with "v=spf1" and typically end with an all mechanism. Solution: Ensure proper syntax and validate using our tool before publishing.
The ptr mechanism is deprecated and can cause issues with email delivery. Solution: Remove ptr mechanisms and use ip4, ip6, or include instead.
Powered by Cloudflare and Google DNS infrastructure for accurate SPF validation
