{{ error }}
{{ record }}
MechanismValue
{{ t.qualifier + t.mechanism }} {{ t.value }}
SPF Checks
{{ c.label }}
Categories: DNS , Email , Networking , Security
Export to PDF Fullscreen

Sender Policy Framework (SPF) is a DNS-based email authentication method that lets domain owners publish a list of authorised sending hosts. Receiving mail servers compare a message’s originating IP address against that list. The process blocks forged “From” addresses, curbs phishing, and improves trust in legitimate transactional or marketing email.

The SPF Checker and Validator retrieves the live SPF TXT record for any domain, splits it into its constituent mechanisms, and runs compliance tests such as lookup count and mandatory “all” termination. You receive instant visual feedback on misconfigurations, helping you edit records confidently without external scripts or command-line tools.

Accurate SPF records minimise false-positive spam filtering and prevent spoofed messages from abusing your brand. By validating changes before publishing, you avoid email outages, keep within the ten-lookup limit, and maintain alignment with DMARC policies. The tool also accelerates troubleshooting after platform migrations, multi-vendor setups, or complex on-premises relay updates.

No data is transmitted or stored server-side.

Technical Details:

The utility performs real-time DNS-over-HTTPS queries and evaluates the record against best-practice checkpoints.

  • Queries Cloudflare’s DNS-over-HTTPS JSON API.
  • Parses qualifiers (+ – ~ ?) and mechanisms (a, mx, include, etc.).
  • Displays round-trip lookup time and TTL values.
  • Confirms presence of mandatory v=spf1 prefix.
  • Counts DNS mechanisms contributing to the ten-lookup limit.
  • Verifies that an all mechanism terminates the policy.
  • Presents tokens in a sortable table for rapid review.
  • Runs entirely client-side with no additional backend processing.

Step-by-Step Guide:

Follow these steps to inspect and validate any domain’s SPF record.

  1. Enter the target domain in the Domain field. Tip
  2. Click Validate SPF. A spinner indicates the lookup is running.
  3. Read the full record displayed in the blue information banner.
  4. Scan the Mechanism / Value table for unexpected hosts.
  5. Check the results panel: green ticks mean a test passed; red crosses mark issues.
  6. Update your DNS provider’s TXT record as needed, then rerun the check until all tests pass. Caution

FAQ:

Find answers to common questions about SPF records and this checker.

Why can’t the tool find my record?

Ensure a valid TXT record exists, wait for DNS propagation, and query the root domain unless sub-delegation is configured.

Does using this checker affect my DNS?

No. It issues a read-only DNS-over-HTTPS request identical to a normal resolver query, leaving settings unchanged.

How many lookups are allowed in SPF?

The specification limits indirect DNS lookups to ten per evaluation, excluding redirect recursion.

Is domain data stored anywhere?

Nothing you type is stored by this site; processing occurs in your browser and Cloudflare’s resolver only.

What do qualifier symbols mean?

+ pass, - fail, ~ soft-fail, and ? neutral—receivers use them to decide message acceptance.

Embed this tool into your website using the following code: