Tool

SPF Record Checker

Check if a domain has a valid SPF record — see which senders are authorised, the enforcement policy, and include depth.

What is SPF?

Sender Policy Framework (SPF) is a DNS record that specifies which mail servers are authorised to send email from a domain. It helps prevent email spoofing and phishing. The -all directive means strict enforcement — any unlisted sender is rejected outright.

SPF policy strength explained

-all
Hard failReject all unlisted senders. Strongest protection — recommended.
~all
Soft failAccept but flag suspicious senders. Good for testing before going strict.
?all
NeutralNo enforcement. Practically the same as having no SPF.
+all
Pass allAllows any sender to send as your domain. Never use this.

Frequently asked questions

Why does SPF fail even with a record?

Common causes: sending from an unlisted IP, more than 10 DNS lookups (includes + redirects), or a forwarded email changing the envelope-from.

What is the 10-lookup limit?

RFC 7208 limits SPF evaluation to 10 DNS lookups. Exceeding this causes a "permerror" — email may be rejected even from legitimate senders.

Should I use SPF alone?

SPF alone is not enough. Pair it with DKIM signatures and a DMARC policy for full email authentication protection.