Free · Instant · No account needed

Free SPF Record Checker

Validate your SPF record, see the full mechanism breakdown, check the DNS lookup count, and get specific fix recommendations — in seconds.

Enter a domain name — we'll look up and analyze the SPF record

Looking up SPF record for

Raw SPF record
Lookup budget
Mechanism breakdown
MechanismQualifierValueNotes

Monitor your SPF — and everything else — automatically

Inbox Shield watches your SPF, DMARC, and DKIM records 24/7 and alerts you the moment anything changes. Free for one domain.

Start Monitoring Free → Check DMARC
✓ Check your inbox.

About SPF records

What is an SPF record?
SPF (Sender Policy Framework) is a DNS TXT record that lists which mail servers are authorized to send email for your domain. Receiving mail servers check SPF to verify that inbound email claiming to be from your domain was sent by an authorized server. Without SPF, anyone can send email that appears to come from your domain.
What is the SPF DNS lookup limit?
RFC 7208 limits SPF evaluation to 10 DNS lookups. Each include:, a, mx, ptr, and exists mechanism consumes one lookup. Nested include: directives count toward the same limit. If the limit is exceeded, SPF returns a permanent error (PermError) — meaning SPF fails for every sender, including legitimate ones.
What does -all vs ~all mean?
-all (hard fail) tells receiving servers to reject any sender not listed in your SPF record. ~all (soft fail) tells them to mark as suspicious but still deliver. +all (pass all) tells them to accept everyone — which defeats SPF entirely. For maximum protection, use -all.
Can I have multiple SPF records?
No. RFC 7208 requires exactly one SPF TXT record per domain. If you have more than one, SPF evaluation will return a PermError and fail permanently. Merge all mechanisms into a single record.
How do I add a new email service without breaking SPF?
Add the new service's include: directive to your existing SPF record before using them to send email. Make sure your DNS lookup count stays under 10 — check it with this tool after adding. If you're already near the limit, use SPF flattening (replacing include: directives with explicit ip4: ranges) to free up headroom. Check out Inbox Shield to get alerted when your SPF record changes.
Is SPF enough on its own?
No. SPF only verifies the envelope sender (the return-path), not the visible From address. Attackers can spoof the From address even when SPF passes. You need DMARC (which enforces alignment between SPF/DKIM and the From header) and DKIM together for full protection. Use the free DMARC checker to check all three.