Free SPF Record Checker

SPF (Sender Policy Framework) is an email authentication method that specifies which mail servers are authorized to send email on behalf of your domain. It helps prevent spammers from sending messages with forged From addresses.

How this check works

This tool queries the TXT records for the domain, identifies the SPF record (starting with v=spf1), and parses each mechanism and modifier. It recursively followsinclude: and redirect= references, counting DNS lookups against the RFC 7208 limit of 10. Each mechanism is validated for syntax and reachability.

Limitations: This check reflects DNS records at the time of lookup. It does not test actual email delivery or verify that the SPF record produces the intended pass/fail results for specific sending IPs. Void lookup limits (2 per RFC 7208) are checked but DNS timeout behavior may differ from production resolvers.

The 10 DNS Lookup Limit

SPF has a strict limit of 10 DNS lookups per record. Each include:, a:, mx:, and redirect= mechanism counts as a lookup. Exceeding this limit causes a "PermError" and SPF validation fails.

Common SPF Issues

• Too many DNS lookups — Flatten your SPF record or use a hosting service.
• Multiple SPF records — Only one v=spf1 TXT record per domain. Multiple records cause PermError.
• Void lookups — DNS queries returning NXDOMAIN or empty results. RFC 7208 limits these to 2.
• Circular references — Include chains that loop back on themselves, causing infinite resolution.
• Mechanisms after "all" — Anything after the all mechanism is never evaluated.
• redirect + all conflict — redirect= is ignored when any all mechanism is present.
• Missing authorized senders — Ensure all your email services are included.
• Weak ending mechanism — Use -all instead of ~all for better protection.

Example SPF Record

v=spf1 include:_spf.google.com include:sendgrid.net -all