SPF Checker: Check Your SPF Record in Seconds
An SPF checker shows whether your domain has a valid SPF record and whether that record lists every server allowed to send your email. Enter your domain above to check your SPF record from live DNS.
SPF (Sender Policy Framework) is the list of mail servers permitted to send email for your domain. If it is missing, incomplete, or misconfigured, receiving servers cannot confirm your mail is genuine, and your domain is easier to spoof.
What this SPF checker looks for
The check reads your domain's TXT records, finds your SPF record, and examines how it is built.
- Whether an SPF record exists in your domain's TXT records
- The mechanisms it uses (include, ip4, ip6, a, mx) and the all qualifier at the end
- Whether it ends in -all (strict), ~all (soft fail), or +all, which allows anyone and is unsafe
- The 10-lookup limit, since too many include statements break SPF silently
How to read your SPF check results
The end of the record matters most. -all tells receivers to reject mail from servers not listed. ~all marks it as suspicious but still accepts it. +all allows any server to send as you and offers no protection.
A record that exceeds 10 DNS lookups fails validation even though it looks correct, and providers then ignore it. This is one of the most common silent SPF failures.
Our guide to SPF explains each mechanism and how the limit works.
What to do if your SPF record is missing or broken
Publish a single SPF record that includes every service that sends email for you: your mail provider, newsletter tool, CRM, and invoicing software. Each provider documents the include value to add.
Keep it to one record under the 10-lookup limit, and end it with -all once you have confirmed every sender is covered.
If keeping SPF correct across changing tools is more than you want to manage, readyDMARC builds and maintains it for you.
Frequently Asked Questions
How do I check my SPF record?
Enter your domain in the checker above. It reads your domain's TXT records from live DNS, finds the SPF record, and reports the servers it authorises and any errors. You can also query your domain's TXT records manually to see the same record.
What is a valid SPF record?
A valid SPF record is a single TXT record starting with v=spf1, listing every authorised sender through include or ip mechanisms, and ending in -all. It must stay within 10 DNS lookups. More than one SPF record on a domain is invalid.
What does -all mean in SPF?
-all is a hard fail: it tells receiving servers to reject any mail from servers not listed in your record. ~all is a soft fail that flags but still accepts such mail. +all allows anyone to send as you and should never be used.
Why does my SPF check fail with too many lookups?
SPF allows a maximum of 10 DNS lookups. Each include, a, and mx mechanism counts, and some includes trigger several. Past 10, the record fails validation and providers ignore it. Flattening or reducing includes brings it back under the limit.
An SPF checker shows whether your domain authorises the right senders or leaves gaps that make spoofing easier. Run the check above to see your SPF record, plus your DKIM and DMARC status.
If the result shows a missing record, an unsafe +all, or too many lookups, readyDMARC fixes your SPF and keeps it correct as your tools change.
More free tools
DMARC Checker
Free DMARC checker. Check your domain's DMARC record, see your policy in plain English, and find out if your domain is protected from email spoofing.
Run the check→DKIM Checker
Free DKIM checker. Check your domain's DKIM record across common provider selectors and confirm your emails carry a valid DKIM signature, plus SPF and DMARC.
Run the check→MX Lookup
Free MX lookup. Find your domain's mail servers, identify your email provider, and check your MX records along with SPF, DKIM, and DMARC.
Run the lookup→A checker shows the gap. Fixing it safely is the hard part.
Email authentication is fiddly and easy to break. One wrong record can let spoofers through or stop your real email arriving. Our specialists configure SPF, DKIM, and DMARC and roll it out safely, so it's set up correctly from the start.