SPF Record
Analyzer & Checker
Analyze your domain's SPF record for security issues, misconfigurations, and optimization opportunities with detailed visual insights.
Understanding SPF Records
What is SPF?
SPF (Sender Policy Framework) is a DNS-based email authentication method that helps prevent email spoofing. It allows domain owners to specify which mail servers are authorized to send email on behalf of their domain.
When an email is received, the receiving server checks the sender's domain for an SPF record and verifies that the sending server is authorized.
SPF Syntax Explained
An SPF record starts with v=spf1 followed by mechanisms and modifiers:
include:- Include another domain's SPFip4:/ip6:- Authorize IP addressesa/mx- Authorize A or MX records-all/~all- Default policy
The 10 DNS Lookup Limit
SPF records are limited to 10 DNS lookups (void lookups don't count toward this limit). This includes:
Counts as lookup:
- •
include:mechanism - •
amechanism - •
mxmechanism - •
ptrmechanism - •
exists:mechanism - •
redirect=modifier
Does NOT count:
- •
ip4:mechanism - •
ip6:mechanism - •
allmechanism - • Initial TXT lookup
Exceeding 10 lookups results in a permerror, causing SPF validation to fail.
SPF Best Practices
Use -all for strict enforcement
Keep DNS lookups under 7 for safety margin
Use SPF with DKIM and DMARC together
Avoid deprecated ptr mechanism