Validate your domain's Sender Policy Framework records to prevent email spoofing and improve deliverability.
Enter a domain name to check its SPF records configuration
Verify your SPF records to authenticate legitimate email senders and prevent spoofing
Policy strength assessment
Review and improve your SPF policy strength (strict/moderate/weak)
Comprehensive validation
Check DNS propagation, CNAME detection, and mechanism analysis
Actionable recommendations
Get customized fixes with examples for popular email providers
SPF (Sender Policy Framework) is an email authentication method designed to prevent spammers from sending messages on behalf of your domain. It works by specifying which mail servers are authorized to send email from your domain.
Research shows that domains without SPF records are 4.75x more likely to be spoofed in phishing attacks. Implementing SPF can reduce spam purporting to be from your domain by up to a staggering 90%.
Prevents scammers from damaging your brand by sending fake emails that appear to come from your domain
Major email providers like Gmail, Outlook, and Yahoo check SPF records as part of their spam filtering systems
SPF is a required component for implementing DMARC, the most comprehensive email authentication protocol
Makes it harder for attackers to successfully impersonate your domain in phishing campaigns targeting your customers
Validate and analyze your domain's SPF configuration in three simple steps
Input any domain name you want to verify, such as "yourdomain.com"
Our tool fetches and parses your SPF record, breaking down each mechanism and qualifier
Receive a comprehensive analysis with policy strength evaluation and actionable recommendations
Our tool identifies and helps you fix these critical SPF configuration problems
Identifies domains that don't have any SPF record, leaving them vulnerable to email spoofing and deliverability issues.
Detects when a domain has more than one SPF record, which violates the SPF standard and causes unpredictable results.
Identifies formatting errors such as missing "v=spf1" prefix, invalid mechanisms, or incorrectly formatted IP addresses.
Detects overly permissive SPF policies (using "+all") that allow any server to send email as your domain.
Identifies SPF records that exceed the 10 DNS lookup limit, causing some messages to fail authentication.
Detects when the "all" mechanism isn't at the end of the record, causing mechanisms after it to be ignored.
Breaking down the components of an SPF record to help you understand your configuration
Every SPF record must start with this prefix. It identifies the record as an SPF record version 1, currently the only version.
Explicitly authorize specific IP addresses or ranges to send email from your domain. This example authorizes all IPs in the 192.0.2.0/24 subnet.
Incorporates another domain's SPF record. This example includes Google's SPF record, allowing Google's servers to send email from your domain.
Authorizes all mail servers listed in your domain's MX records to send email as your domain. This aligns email sending with receiving servers.
Indicates how to handle mail from servers not specified in your SPF record. The tilde (~) means "soft fail" - accept but mark emails from non-authorized servers.
Learn more about SPF records and how our checker helps protect your domain from email spoofing
Still have questions about SPF implementation?
Use our SPF Record Checker to verify your email authentication, fix configuration issues, and protect your domain from spoofing.