SPF record checker
Enter a domain. We fetch the SPF record, run the four checks that matter, and tell you whether it will actually protect your sending reputation.
We don't save the domain you check.
What SPF does
SPF is a TXT record that lists which mail servers are authorized to send on behalf of your domain. Receiving mail servers look it up when a message arrives and check whether the sending IP is on the list.
Use this checker to confirm your sending services are in the record, to catch a record that has drifted over the 10-lookup limit, and to decide whether unlisted senders should be soft-failed or rejected outright.
What is the difference between -all and ~all?
-all (hard fail) instructs receivers to reject mail from any server not listed in the record. ~all (soft fail) marks the mail as suspicious but still delivers it. Switch to -all once you are confident every legitimate sender is listed.
Why does the 10-lookup limit matter?
RFC 7208 caps SPF evaluation at 10 DNS lookups. Each include:, a, mx, and exists: mechanism counts as one lookup. Exceeding the limit causes a permerror, which can silently hurt deliverability without you knowing.
Can a domain have two SPF records?
No. RFC 7208 requires at most one v=spf1 TXT record. Having two makes SPF invalid for the whole domain. Merge all your authorized senders into a single record.
What is +all and why is it dangerous?
+all passes every server on the internet, meaning it authorizes anyone to send mail as your domain. It provides no protection against spoofing at all. If you see it in a record it should be replaced with -all or at minimum ~all.