Free SPF Record Checker
Validate your domain's SPF record, check enforcement policy, and identify email authentication issues. Instant results, no signup required.
What is an SPF Record?
SPF (Sender Policy Framework) is a DNS TXT record that specifies which mail servers are authorized to send email on behalf of your domain. It is one of the three pillars of email authentication, alongside DKIM and DMARC, and plays a critical role in preventing email spoofing and improving deliverability.
Prevent Email Spoofing
Without SPF, anyone can send emails pretending to be from your domain. An SPF record tells receiving servers which IPs are allowed to send on your behalf, blocking unauthorized senders.
Improve Deliverability
Email providers like Gmail, Outlook, and Yahoo check SPF records to determine if an email is legitimate. A valid SPF record helps your emails land in the inbox instead of the spam folder.
Protect Your Reputation
When spammers forge your domain, it damages your sender reputation. SPF enforcement ensures only authorized servers can use your domain, protecting your brand and email reputation.
How SPF Records Work
SPF Record Syntax
An SPF record is a TXT record published in your domain's DNS. Here is an example:
v=spf1 include:_spf.google.com include:sendgrid.net ip4:203.0.113.0/24 -all
This record authorizes Google Workspace, SendGrid, and IP range 203.0.113.0/24 to send email. The -all mechanism tells receivers to reject emails from any other source.
Hard Fail (-all) vs Soft Fail (~all)
Hard fail (-all) instructs receiving servers to reject unauthorized emails outright. Soft fail (~all) marks them as suspicious but still delivers them. For maximum protection, use -all once you have confirmed all your legitimate sending sources.
DNS Lookup Limit
SPF records are limited to 10 DNS lookups. Each include:, a:, or mx: mechanism counts as one lookup. Exceeding this limit causes SPF validation to fail entirely, known as a "permerror." Our checker validates this for you.
What Our SPF Checker Validates
SPF Record Presence
Checks if a valid SPF TXT record exists for your domain.
Enforcement Mechanism
Validates whether you use hard fail (-all), soft fail (~all), or neutral (?all).
DMARC Alignment
Checks if your DMARC record works alongside SPF for full email protection.
Overall DNS Health
Provides a comprehensive DNS health score covering SPF, DMARC, DNSSEC, CAA, and all record types.
SPF Checker - Frequently Asked Questions
What is an SPF record?
SPF (Sender Policy Framework) is a DNS TXT record that lists the IP addresses and servers authorized to send email from your domain. When a receiving server gets an email, it checks the SPF record to verify the sender is legitimate.
What is the difference between -all and ~all in SPF?
Hard fail (-all) instructs receivers to reject emails from unauthorized servers. Soft fail (~all) marks them as suspicious but still delivers them. Hard fail provides stronger protection and is recommended once you've confirmed all legitimate sending sources.
How many DNS lookups can an SPF record have?
SPF records are limited to 10 DNS lookups. Each include:, a:, mx:, and redirect mechanism counts as a lookup. Exceeding this limit causes a 'permerror' and SPF validation fails entirely.
Do I need SPF if I already have DMARC?
Yes. DMARC relies on SPF and/or DKIM to authenticate emails. Without a valid SPF record, DMARC cannot verify the sending server's authorization, weakening your email security posture.
How do I create an SPF record?
Add a TXT record to your domain's DNS with a value like: v=spf1 include:_spf.google.com -all. Replace the include mechanism with your email provider's SPF domain. Use our checker to validate the record after adding it.
Can I have multiple SPF records?
No. The SPF specification requires exactly one SPF TXT record per domain. Having multiple SPF records causes a 'permerror' and SPF checks fail. If you need to authorize multiple senders, combine them in a single record using include: mechanisms.
Monitor Your SPF Record Continuously
Get instant alerts when your SPF record changes. DNSMonit checks SPF, DKIM, DMARC, and all DNS records automatically, so you never miss an unauthorized modification.