SPF Record Validator

What Does This Tool Check?

What is SPF (Sender Policy Framework)?

SPF is a DNS TXT record that lists the mail servers authorized to send email on behalf of a domain. The receiving mail server compares the source of an incoming email against this list to determine whether the message is legitimate.

This tool queries the domain's TXT records, finds the record starting with v=spf1, and displays its content.

How to Interpret Results

Understanding SPF policy values

-all (hard fail)

Emails from servers not in the list are rejected. The strongest protection level. Use once you're confident all legitimate senders are in your record.

~all (soft fail)

Emails from unlisted servers are marked suspicious but not rejected. A reasonable starting point for most configurations.

?all (neutral)

No verdict is given. Insufficient — no protection signal is sent to receiving servers.

+all

Allows anyone to send email from this domain. Do not use this.

Common Mistakes

Frequent SPF configuration errors

• Creating multiple SPF records (RFC 7208 violation). All authorized senders must be merged into a single record.
• Not updating the SPF record when adding new email services, causing those services to fail SPF checks.
• Chaining too many include: mechanisms and exceeding the 10 DNS lookup limit.
• Placing the "all" mechanism in the middle of the record instead of the end — "all" must always be last.
• Entering a domain name in ip4:/ip6: instead of an IP address.

FAQ

Frequently asked questions