SPF Checker
Validate the SPF (Sender Policy Framework) TXT record for a domain. SPF specifies which mail servers are allowed to send email on behalf of your domain.
What is SPF and why does it matter?
SPF (Sender Policy Framework) is a DNS TXT record that lists which mail servers are authorised to send email on behalf of your domain. Without SPF, anyone can send email that appears to come from your domain β a spoofing technique used in phishing attacks. Receiving servers check your SPF record to verify the sending server is on your list.
Understanding SPF mechanisms
An SPF record uses mechanisms to define authorised senders. 'include:' pulls in another domain's SPF record. 'ip4:' and 'ip6:' authorize specific IP ranges. 'a' authorises your domain's A record. 'mx' authorises your mail servers. The qualifier at the end matters: '-all' rejects unauthorized mail, '~all' marks it suspicious, '+all' accepts all mail (avoid this).
Common SPF errors
The most common error is exceeding the 10 DNS lookup limit β each 'include:' counts as a lookup. Exceeding 10 causes a 'permerror' which many receivers treat as failure. Another mistake is having multiple SPF records β only one TXT record starting with 'v=spf1' is valid.
SPF alone is not enough
SPF only protects the envelope sender. For complete email authentication, combine SPF with DKIM (cryptographic signing) and DMARC (policy enforcement). Using all three is best practice for any business domain.