SPF Record Checker

An SPF (Sender Policy Framework) record is a DNS TXT record that lists all the IP addresses and mail servers authorised to send email on behalf of your domain. When a receiving mail server gets a message from your domain, it checks the SPF record to verify the sending IP is on your approved list. A valid SPF record helps prevent email spoofing and improves deliverability.

No. A domain must have exactly one SPF record. Having two or more TXT records that begin with "v=spf1" causes a PermError, and receiving mail servers will treat the SPF check as failed. If you need to authorise multiple sending services, combine them into a single SPF record using the include: mechanism.

The SPF specification (RFC 7208) limits a domain to 10 DNS lookups when evaluating its SPF record. Mechanisms that trigger a lookup include include:, a, mx, ptr, and exists. If your record exceeds this limit, the evaluation results in a PermError and receiving servers may treat it as a fail. This is a common problem when you include multiple third-party sending services, each of which may itself include further records.

The all mechanism at the end of an SPF record controls what happens to mail from senders not listed in your record. ~all (softfail) tells receiving servers the mail is probably not legitimate but to accept it and mark it as suspicious. -all (fail) tells receiving servers to reject mail that does not match. For domains with DMARC in place, -all is recommended as it gives a stronger signal to receiving servers and reduces spoofing risk.