Validate SPF DNS syntax, check a domain SPF record, parse mechanisms and count include-chain DNS lookups against the 10-lookup limit.
Enter a domain above to check its SPF record, validate SPF DNS syntax, parse mechanisms and count DNS lookups.
SPF (Sender Policy Framework) is a single DNS TXT record that lists which servers are allowed to send mail for your domain. This SPF record checker reads the published v=spf1 value, validates SPF DNS syntax, and explains every mechanism in the sender policy.
The most common failure is the 10-lookup limit: every include, a, mx, ptr, exists and redirect term costs a DNS query, and nested includes count too. Cross 10 and the whole record returns a PermError. The ip4 and ip6 terms are free, so flatten stable includes into ranges where you can.
SPF helps receivers evaluate whether the connecting server is authorized, but it is not a complete anti-spoofing system by itself. Pair SPF with DKIM and a DMARC policy so receivers can also evaluate domain alignment and reporting.
An SPF record checker validates a domain TXT record that starts with v=spf1. It parses mechanisms such as include, ip4, ip6, a, mx, redirect, and all so you can understand the authorized mail sender policy.
RFC 7208 caps SPF evaluation at 10 DNS-querying mechanisms, including include, a, mx, ptr, exists, and redirect. Nested includes count toward the same budget; exceeding it causes a PermError.
Start with ~all while confirming every legitimate sender is listed, then move to -all when ready. SPF alone does not guarantee inbox placement, so pair it with DKIM and DMARC alignment.
Publishing more than one v=spf1 TXT record creates a PermError. Merge all authorized senders into a single SPF record using mechanisms such as include, ip4, ip6, a, and mx.