SPF Checker

SPF record details will appear here after you check a domain.

About this SPF Checker

Run a complete SPF check in one click. Paste a domain, and our free SPF checker returns a clear results – if a domain publishes a valid SPF record, what policy it enforces (e.g., -all vs ~all), and whether it risks exceeding the 10-DNS-lookup limit. We also follow redirect= and list include: domains. This SPF lookup tool is free, online, and no signup.

How to use

  1. Enter your sending domain (the domain used in your Return-Path/Mail-From).
  2. Click Check SPF. We fetch TXT records and find v=spf1.
  3. Review policy, includes, redirect chain, and lookup count.

What the results mean

  • SPF Published — Detects whether a v=spf1 record exists.
  • Hostname — The exact domain/hostname that was evaluated for SPF.
  • Hostname — The full v=spf1 … string exactly as published
  • Behind CNAME (yes/no) — Indicates whether the checked host is an alias.
  • Policy all — hardfail -all, softfail ~all, neutral ?all, or pass +all.
  • DNS lookups — Estimated total including includes/redirects; must be ≤ 10.
  • Includes — Domains referenced via include: that expand your SPF.
  • Redirect chain — If redirect= is used, we follow the chain and show where the policy ultimately comes from.
  • IPv4 ranges — Flattened list of ip4: CIDRs (= Classless Inter-Domain Routing; a compact way to write an IP address range).
  • IPv6 ranges — Flattened list of ip6: CIDRs.s
  • Notes — Potential issues like multiple SPF records or use of ptr/+all.

What is SPF?

SPF (Sender Policy Framework) is an email authentication standard that lets a domain publish a DNS TXT record listing which servers are allowed to send mail for that domain. Receiving mail servers check the sender’s IP against this record to spot spoofing and reduce spam/phishing. SPF works best alongside DKIM and DMARC to protect your brand and improve deliverability.

Glossary

  • Record — Your domain’s SPF record is a DNS TXT entry starting with v=spf1 that lists the servers/IPs allowed to send mail for you.
  • Policy — The SPF policy is the final allmechanism that decides what to do when nothing else matches. Read more about the different policies in the section below.
  • DNS lookups — Certain SPF mechanisms (include, a,mx, exists, ptr, redirect) trigger DNS lookups during evaluation. SPF allows at most 10 lookups. Exceeding this returns a permanent error and can break validation.

What’s the difference between -all and ~all?

In SPF, the final all is your catch-all policy: -all hard-fails unauthorized mail, while~all soft-fails it (usually accepted but tagged). Here are general rules for policy choice:

  • -all
    • = fail
    • Sender is not authorized.
    • Use in production once your authorized senders (IP ranges, a, mx, include) are correct.
  • ~all
    • = softfail
    • Sender is accepted but tagged resulting in higher spam score.
    • Use temporarily for development purposes. Plan to move to -all after that.
  • ?all
    • = neutral
    • Sender is accepted; it gets little/no negative weight.
    • Avoid using it in production; it’s rarely the right choice.
  • +all
    • = pass
    • Everyone is authorized.
    • Never use. It defeats the purpose of SPF.

Tips for better deliverability

  • Publish SPF, DKIM, and DMARC for your sending domain.
  • Avoid +all; prefer ~all while testing and -all once confident.
  • Keep SPF under the 10-lookup limit by consolidating includes.
  • Remove unused vendors and obsolete include domains.

Why use this SPF checker?

  • Clear results – it turns cryptic mechanisms into human-readable summary.
  • Fast & free – The SPF lookup tool works instantly in the browser.
  • Actionable – Notes section that helps identify potential issues and gives tips on what it is and how to fix it.

FAQ

  • What is an SPF checker?
    A tool that looks up and validates your domain’s SPF (v=spf1) record, evaluates policy (-all/~all/?all/+all), counts DNS lookups, expands include:/redirect=, and flags issues that affect deliverability. .
  • How many DNS lookups are allowed in SPF?
    Yes. SPF alone doesn’t protect the “From” domain alignment. Add DKIM and DMARC for policy-based enforcement.
  • Can I have multiple SPF records?
    No. Publish 1 TXT record beginning with v=spf1. Multiple records cause PermError and can break email validation.
  • Do I need DMARC and DKIM too?
    Yes. SPF alone doesn’t protect the “From” domain alignment. Add DKIM and DMARC for policy-based enforcement.

👉 Need to deliver your emails?

Sidemail makes transactional and marketing emails simple—powerful email sending API, clean dashboard, and hands-on support whenever you need it. Create your account and start sending in under 30 minutes.

Get started now