SPF Record Checker — Validate and Troubleshoot Your SPF Configuration
Validate your Sender Policy Framework (SPF) record to ensure email deliverability and authorized sending.
Frequently Asked Questions
What is an SPF record?
An SPF record is a DNS TXT entry that lists the servers and IP addresses authorized to send email for your domain. Receiving mail servers check this record to determine if an incoming message is from a legitimate source.
Why does my SPF check show 'permerror'?
A permerror means your SPF record exceeds the 10 DNS lookup limit or contains a syntax error that prevents evaluation. This causes many receiving servers to treat your email as unauthorized.
Can I have more than one SPF record?
No. RFC 7208 requires exactly one SPF record per domain. Multiple SPF records cause unpredictable evaluation results. Consolidate all mechanisms into a single record.
What is the difference between -all and ~all?
-all (hard fail) tells receivers to reject unauthorized email. ~all (soft fail) tells receivers to accept it but treat it with suspicion. Use -all for maximum protection once all legitimate senders are authorized.
Does this tool fix my SPF record?
This tool identifies issues and provides recommendations. To fix them — especially the 10-lookup limit — use our SPF Generator to rebuild the record or our SimpleSPF hosted solution for automated flattening.
Why is the ptr mechanism deprecated?
The ptr mechanism requires the receiving server to perform a reverse DNS lookup, which is slow, unreliable, and places an undue burden on the receiver. RFC 7208 discourages its use. Replace ptr with explicit ip4/ip6 or include mechanisms.
How does SPF relate to DMARC?
SPF is one of the two authentication methods DMARC relies on. For DMARC to pass via SPF, the SPF check must pass AND the envelope sender domain must align with the From header domain (relaxed or strict alignment).