Skip to content
Kordu Tools
Network & IP Runs in browser Updated 30 Mar 2026

SPF Record Checker

Look up and validate SPF records — parse mechanisms, detect misconfigurations, and check email authentication.

Loading rating…

How to use SPF Record Checker

  1. Enter a domain

    Type the domain you want to check — for example, example.com.

  2. Run the check

    Click Check SPF or press Enter to query TXT records and locate the SPF record.

  3. Review mechanisms

    See each SPF mechanism with its qualifier — pass (+), fail (-), softfail (~), or neutral (?) — displayed in a clear table.

  4. Check for warnings

    Review validation warnings for dangerous settings, missing records, lookup limit violations, or conflicting SPF entries.

SPF Record Checker FAQ

What is an SPF record?
SPF (Sender Policy Framework) is a DNS TXT record that specifies which servers are authorised to send email on behalf of a domain. Receiving servers check SPF to detect forged sender addresses.

What does -all vs ~all mean?
-all (hard fail) instructs receivers to reject email from unauthorised servers. ~all (soft fail) marks it as suspicious but still delivers it. -all provides stronger spam protection.

Why is +all dangerous?
+all means any server in the world is authorised to send email as your domain. This effectively disables SPF and allows unrestricted spoofing of your domain.

What is the 10-lookup limit?
SPF evaluation allows a maximum of 10 DNS lookups. Each include, a, mx, ptr, exists, and redirect mechanism triggers a lookup. Exceeding the limit causes a permanent SPF error (permerror) and SPF evaluation fails.

How does SPF work with DKIM and DMARC?
SPF, DKIM, and DMARC form a layered email authentication system. SPF verifies the sending server; DKIM adds a cryptographic signature to the message; DMARC tells receivers what to do when SPF or DKIM fail. All three are needed for full protection.

Does this tool validate DKIM or DMARC?
This tool validates SPF specifically. DMARC records are also stored as TXT records — use the DNS Lookup tool to inspect them directly.

My SPF looks correct but email still lands in spam. Why?
SPF is just one signal. Check DKIM signing, DMARC policy, sender reputation, and whether your sending IP is on blacklists. SPF passing alone does not guarantee inbox delivery.

Can I have multiple SPF records?
No. Having more than one SPF TXT record for the same domain causes a permerror. If you need to authorise multiple services, combine them into a single SPF record using include mechanisms.

Is this check private?
The only external requests are DNS-over-HTTPS queries to Cloudflare. No data is stored or shared by this tool.

Background

Verify that a domain's SPF record is correctly configured for email authentication. Enter any domain to query its TXT records and extract the SPF record — then see every mechanism parsed with its qualifier and meaning. Validation warnings highlight common problems: missing SPF record, multiple conflicting records, the dangerous +all directive, exceeding the 10-lookup limit, and overly long records.

Understanding SPF is essential for email deliverability. A correctly configured SPF record tells receiving mail servers which hosts are authorised to send email on behalf of your domain — and what to do with unauthorised mail.

Who is this for: email administrators setting up SPF for the first time, developers debugging delivery failures, IT teams auditing domain email security, and anyone troubleshooting spam classification of outbound email. Pair with the MX Lookup and DNS Lookup tools for a complete email deliverability picture.

Related tools

DKIM Checker

Look up and validate DKIM records for any domain — public key, key type, and selector auto-detection.

DMARC Checker

Look up and analyse the DMARC record for any domain — policy, alignment, reporting, and configuration warnings.

MX Lookup

Look up MX records for any domain — mail server priority, IP addresses, and email provider detection.

DNS Lookup

Query all DNS record types for any domain — A, AAAA, MX, TXT, CNAME, NS, SOA, CAA — via Cloudflare DoH.

Learn more

network

SPF, DKIM, and DMARC Explained: Stop Emails Going to Spam

How SPF, DKIM, and DMARC work together to stop email spoofing and spam folders. Google now rejects 75% of unauthenticated email from bulk senders.

network

DNS Record Types Explained: A, AAAA, CNAME, MX, TXT

Every DNS record type explained with real dig examples. Covers A, AAAA, CNAME, MX, TXT, NS, SOA, PTR, SRV, and CAA records used across 350M+ domains.