Free SPF Record Checker — Validate Your SPF DNS Record

What This Tool Does

The SPF Record Checker looks up and validates the SPF (Sender Policy Framework) TXT record for any domain. SPF records tell receiving mail servers which IP addresses are authorized to send email on behalf of your domain.

This tool fetches DNS TXT records, identifies the SPF record, analyzes each mechanism, and checks for the 10-DNS-lookup limit, syntax issues, and policy recommendations. For complete email verification, visit our email verifier.

How to Use This Tool

Enter your domain — Type or paste the domain name into the input field.
Click Check SPF — The tool queries DNS for TXT records and parses the SPF record.
Review the results — Check for warnings about lookup limits, syntax errors, or policy recommendations.

Related Tools

DKIM Checker

Verify DKIM signing keys and DNS records.

DMARC Checker

Validate your DMARC policy configuration.

MX Record Checker

Look up mail server DNS records.

Blacklist Checker

Check if your IP or domain is blacklisted.

Need full email verification? Try our free email verifier with 99.5% accuracy.

How SPF Record Checking Works

When you submit a domain to our SPF Record Checker, the tool performs a real-time DNS lookup to retrieve all TXT records published for that domain. It then filters through these records to identify the one beginning with v=spf1, which is the standard SPF version tag defined by RFC 7208. Once the SPF record is located, the tool parses every mechanism and modifier in the record, including ip4, ip6, include, a, mx, redirect, and all qualifiers. Each mechanism is evaluated individually for correct syntax and logical consistency.

Beyond basic parsing, the checker recursively follows include and redirect references to calculate the total number of DNS lookups your SPF record requires. The SPF specification enforces a strict limit of 10 DNS lookups per evaluation. Exceeding this limit causes a permanent error (PermError), which means receiving servers treat your SPF record as invalid and may reject your emails outright. The tool also checks for duplicate mechanisms, conflicting qualifiers, overly permissive policies such as +all, and records that exceed the 255-character TXT string limit. This comprehensive analysis gives you a complete picture of your SPF health in seconds.

When to Use This Tool

Setting up a new domain for email sending — Before launching campaigns from a new domain, verify that your SPF record correctly authorizes your email service providers such as Google Workspace, Microsoft 365, Mailchimp, or SendGrid.
Troubleshooting email delivery failures — If recipients report missing emails or your messages land in spam, an invalid or incomplete SPF record is one of the most common causes. Use this tool to identify and fix the issue.
After adding a new email service provider — Every time you add a new sending service, you need to update your SPF record with the appropriate include mechanism. Check your record afterward to ensure you have not exceeded the 10-lookup limit.
Regular email infrastructure audits — Security best practices recommend reviewing your SPF record quarterly. Services change their sending infrastructure, and stale include entries can create vulnerabilities or unnecessary DNS lookups.

Understanding Your Results

After the scan completes, your results will show the raw SPF record along with a detailed breakdown of each mechanism. A green status indicates that your record is valid and well-configured. Warnings in yellow highlight potential issues that will not cause immediate failures but may affect deliverability over time, such as using the soft fail ~all qualifier instead of the stricter -all (hard fail). Red errors indicate critical problems like syntax violations, exceeding the 10-lookup limit, or using the dangerous +all mechanism that authorizes any server to send on your behalf.

The lookup counter is one of the most important metrics in the results. Each include, a, mx, redirect, and exists mechanism costs one DNS lookup, and nested includes within those references also count toward the limit. If you are at 9 or 10 lookups, you are at risk of exceeding the limit whenever a referenced domain adds more entries. Consider flattening your SPF record or using an SPF macro service to reduce lookup counts. The tool also flags records without a terminating all mechanism, which leaves your policy ambiguous and may cause inconsistent handling across different mail servers.

Frequently Asked Questions

What is an SPF record?

An SPF (Sender Policy Framework) record is a DNS TXT record that specifies which mail servers are authorized to send email on behalf of your domain. It helps prevent email spoofing and phishing by allowing receiving servers to verify that incoming mail comes from an authorized source. Use our email verifier to check if addresses pass SPF authentication.

What does "too many DNS lookups" mean in SPF?

The SPF specification (RFC 7208) limits SPF records to 10 DNS lookups. Each "include", "a", "mx", and "redirect" mechanism counts as a lookup. If your SPF record exceeds this limit, it will fail validation and your emails may be rejected. Flatten your SPF record by replacing includes with direct IP ranges where possible.

How do I fix a broken SPF record?

Common SPF fixes include: removing duplicate mechanisms, flattening nested includes to stay under the 10-lookup limit, ensuring the record starts with "v=spf1", adding all your sending services (ESP, CRM, transactional email provider), and ending with "-all" (hard fail) or "~all" (soft fail). After fixing, verify with this checker tool.

Try our free email verifier — verify any email instantly, no signup required. Need bulk verification? Upload your list and clean thousands of emails in minutes.

Developers: integrate email verification into your app with our RESTful API — SDKs for 7 languages.

Guides: best practices · sender reputation · IP warming