SPF Checker

Learn how SPF records protect your domain from email spoofing and what our checker validates.

What is SPF?

Sender Policy Framework (SPF) is an email authentication method that helps protect your domain from being used in email spoofing attacks. It works by allowing domain owners to specify which mail servers are authorized to send email on their behalf.

When you publish an SPF record in your DNS, receiving mail servers can verify that incoming messages claiming to be from your domain actually originate from an authorized server. If a message comes from an unauthorized source, it can be rejected or marked as suspicious.

How SPF Works

SPF operates through a simple DNS-based lookup process:

  1. You publish an SPF record – This is a TXT record in your DNS that lists all IP addresses and domains authorized to send email for your domain.

  2. Someone sends an email – When an email claims to be from your domain, the receiving server extracts your domain from the envelope sender address.

  3. The receiver checks your SPF record – The receiving server queries your DNS for the SPF record and compares the sending server's IP address against your authorized list.

  4. A result is returned – The check returns pass, fail, softfail, or neutral, which the receiver uses to decide how to handle the message.

DNS Lookup Limits

SPF has a critical limitation: a maximum of 10 DNS lookups per authentication check. This includes lookups from include:, a:, mx:, ptr:, and redirect= mechanisms. Exceeding this limit causes a "permerror" result, meaning your SPF check fails entirely.

Common causes of lookup bloat include:

  • Multiple third-party email services (each adds includes)
  • Nested includes within those services
  • Using mx or a mechanisms unnecessarily

If you hit the limit, consider flattening your SPF record by replacing includes with direct IP addresses, or use an SPF management service.

What MailHealth Checks

Our SPF checker analyzes your record for:

  • Record existence – Confirms you have an SPF record published
  • Syntax validity – Ensures your record follows the correct format
  • DNS lookup count – Warns if you're approaching or exceeding the 10-lookup limit
  • Multiple records – Detects if you have more than one SPF record (which is invalid)
  • Common misconfigurations – Identifies issues like using deprecated ptr mechanisms or overly permissive +all
  • Recommended improvements – Suggests optimizations to strengthen your email authentication
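
The lookup counting from the DNS Lookup Limits section and several of the checks listed above, as an added Python example (not MailHealth's code). The `lint_spf` function, the `ZONE` dictionary and every domain name in it are constructed for illustration and stand in for live DNS; `exists` is counted as well, per RFC 7208 section 4.6.4.

```python
import re

# Mechanisms that each cost one DNS query toward the limit of 10; the
# redirect= modifier costs one as well (RFC 7208, section 4.6.4).
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}
MECHANISMS = LOOKUP_MECHS | {"all", "ip4", "ip6"}
TERM_RE = re.compile(r"^([+\-~?]?)([a-z][a-z0-9_.-]*)(?:([:=])([^/\s]+))?(/\S+)?$", re.I)

def lint_spf(domain, zone, path=()):
    """Return (lookups, findings) for domain's SPF record; zone maps a DNS
    name to its TXT strings, so include:/redirect= targets are followed and
    nested lookups are counted the way a receiver counts them."""
    if domain in path:
        return 0, [f"{domain}: include loop"]
    records = [t for t in zone.get(domain, []) if t.lower().split(" ")[0] == "v=spf1"]
    if len(records) != 1:
        return 0, [f"{domain}: {len(records)} SPF records found, exactly 1 required"]
    lookups, findings = 0, []
    for term in records[0].split()[1:]:
        m = TERM_RE.match(term)
        qual, name, sep, target = m.groups()[:4] if m else ("", "", None, None)
        mech = None if sep == "=" else name.lower()  # None means "modifier"
        follow = name.lower() == ("redirect" if sep == "=" else "include")
        if not m or (sep == "=" and qual) or (sep != "=" and mech not in MECHANISMS):
            findings.append(f"{domain}: syntax error in '{term}'")
            continue
        if follow or mech in LOOKUP_MECHS:
            lookups += 1
        if mech == "ptr":
            findings.append(f"{domain}: ptr mechanism is deprecated")
        if mech == "all" and qual in ("", "+"):
            findings.append(f"{domain}: +all authorizes every sender")
        if follow and target:
            sub, more = lint_spf(target.lower(), zone, path + (domain,))
            lookups, findings = lookups + sub, findings + more
    if not path and lookups > 10:
        findings.append(f"{domain}: {lookups} DNS lookups, limit is 10 (permerror)")
    return lookups, findings

# Constructed zone data (reserved example domains, documentation IP ranges).
ZONE = {
    "example.com": ["v=spf1 mx ptr include:_spf.mailer.example include:_spf.crm.example +all"],
    "_spf.mailer.example": ["v=spf1 include:a.mailer.example include:b.mailer.example ~all"],
    "a.mailer.example": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "b.mailer.example": ["v=spf1 a mx exists:%{i}.b.mailer.example -all"],
    "_spf.crm.example": ["v=spf1 a:out1.crm.example a:out2.crm.example a:out3.crm.example mx -all"],
    "two.example": ["v=spf1 -all", "v=spf1 ip4:198.51.100.7 -all"],
}
```

`lint_spf("example.com", ZONE)` reports 13 lookups although the top-level record has only four lookup-causing terms; the other nine come from the nested includes.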

A properly configured SPF record is the foundation of email deliverability. Combined with DKIM and DMARC, it significantly reduces the chance of your legitimate emails being marked as spam.
