New tools added: CVE Lookup, MAC Lookup, Bandwidth Calculator, RAID Calculator and DMARC Parser — all free, no account needed.

SPF Record Checker

Look up and analyse the SPF TXT DNS record for any domain. Verify sender policy and identify authorised mail servers.

About the SPF Record Checker

Sender Policy Framework (SPF) is an email authentication standard that allows domain owners to specify which mail servers are authorised to send email on behalf of their domain. It helps receiving mail servers identify and reject emails that claim to come from your domain but were actually sent by unauthorised servers — a common tactic in phishing and spoofing attacks.

How SPF works

An SPF record is published as a TXT DNS record on your domain. It contains a list of authorised IP addresses, hostnames, and mechanisms. When an email arrives, the receiving server performs these steps:

  1. Reads the domain from the sender's email address (or the envelope sender)
  2. Looks up the SPF TXT record for that domain in DNS
  3. Checks whether the IP address of the sending server matches any authorised source in the record
  4. Accepts, rejects, or flags the message based on the result and the SPF policy qualifier

SPF qualifiers and results

  • +all / pass — The sending server is explicitly authorised. Good to see for your own servers.
  • -all / fail (hardfail) — Email from unauthorised senders should be rejected. The most restrictive and recommended setting.
  • ~all / softfail — Email from unauthorised senders should be accepted but marked as suspicious. Often used during transitional periods.
  • ?all / neutral — No assertion about authorisation. Provides no protection against spoofing.

SPF and the 10 DNS lookup limit

The SPF specification limits the number of DNS lookups an SPF record can trigger to 10. Complex records that include many include: mechanisms from third-party email providers (marketing tools, helpdesks, CRMs) can exceed this limit, causing SPF evaluation to fail with a permerror. If you see a permerror, review your record and consider flattening includes into direct IP ranges.

SPF works best when combined with DKIM and DMARC. Together these three standards form a complete email authentication solution that significantly reduces the risk of spoofing and improves deliverability.

Related tools

All DNS & Domain →
DNS Lookup Look up DNS records for any domain. Query A, AAAA, MX, TXT, CNAME, NS, SOA and m… MX Lookup Look up mail exchanger (MX) records for any domain to find email servers. TXT Record Lookup Look up TXT DNS records for a domain including SPF, DMARC, and verification toke… CNAME Lookup Look up CNAME (canonical name) DNS records to find domain aliases.

Frequently asked questions

What is an SPF record?
SPF (Sender Policy Framework) is a DNS TXT record that specifies which IP addresses and mail servers are authorised to send email on behalf of your domain. It helps prevent email spoofing.
What does ~all vs -all mean?
~all (softfail) marks unauthorised senders as suspicious but still delivers the email. -all (fail/hardfail) rejects or discards email from unauthorised senders. +all allows anyone (insecure). ?all is neutral.
My SPF record was not found. What does that mean?
The domain has no SPF record, which means all senders are technically allowed (no policy). This can make your domain vulnerable to spoofing. Add an SPF TXT record to your DNS.
What is the SPF lookup limit?
SPF limits DNS lookups to 10. Having too many include: mechanisms, redirect=, a:, mx:, exists:, and ptr: mechanisms can exceed this limit, causing SPF to permerror.