SPF Record Validator
Fetch and validate a domain's SPF record, including the 10-DNS-lookup limit.
About this tool
SPF (Sender Policy Framework) is a TXT record that lists which servers may send email for your domain. This validator fetches the record, checks the syntax, breaks it down into its terms (the include, ip4, ip6, a, mx and all mechanisms with their qualifiers, plus the redirect modifier) and counts the DNS lookups it triggers.
The most common SPF failure is exceeding the limit of 10 DNS lookups: every include, a, mx, ptr, exists and redirect counts, including nested includes. Records past the limit return permerror and receivers may ignore SPF entirely.
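The counting rule above, as an added example (not this tool's own code): a static worst-case count that follows nested includes and redirect. ZONE is a constructed stand-in for DNS TXT answers so the block runs offline, and the names `count_lookups`, `spf_record`, `charge` and `PermError` are hypothetical.

```python
import re

LIMIT = 10  # RFC 7208 section 4.6.4
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}

class PermError(Exception):
    """Outcome a receiver reports as permerror."""

# Constructed sample data: domain -> TXT strings, in place of live DNS.
ZONE = {
    "example.test": ["v=spf1 mx include:_spf.mail.test include:crm.test ~all",
                     "site-verification=constructed"],
    "_spf.mail.test": ["v=spf1 include:_a.mail.test include:_b.mail.test ~all"],
    "_a.mail.test": ["v=spf1 ip4:192.0.2.0/24 ~all"],
    "_b.mail.test": ["v=spf1 ip6:2001:db8::/32 a ~all"],
    "crm.test": ["v=spf1 a mx exists:%{i}.bl.crm.test -all"],
    "edge.test": ["v=spf1 include:example.test -all"],         # exactly 10
    "heavy.test": ["v=spf1 include:example.test a mx -all"],   # 12, over the limit
    "dup.test": ["v=spf1 -all", "v=spf1 mx -all"],             # two SPF records
}

def spf_record(domain, zone):
    found = [t for t in zone.get(domain, []) if t.lower().split()[:1] == ["v=spf1"]]
    # A missing record is "none" at the top level and permerror for an
    # include/redirect target; this sketch raises in both cases.
    if len(found) != 1:
        raise PermError(f"{domain}: {len(found)} SPF records, expected 1")
    return found[0]

def charge(used, domain):
    if used + 1 > LIMIT:
        raise PermError(f"{domain}: more than {LIMIT} DNS lookups")
    return used + 1

def count_lookups(domain, zone, used=0):
    redirect, has_all = None, False
    for term in spf_record(domain, zone).split()[1:]:
        m = re.fullmatch(r"[+\-~?]?([A-Za-z][\w.-]*)(?:([:=/])(.*))?", term)
        if not m:
            raise PermError(f"{domain}: cannot parse term {term!r}")
        name, sep, arg = m.group(1).lower(), m.group(2), m.group(3)
        if sep == "=":                      # modifier; only redirect costs a lookup
            redirect = arg if name == "redirect" else redirect
            continue
        has_all = has_all or name == "all"
        if name in LOOKUP_MECHANISMS:
            used = charge(used, domain)
            if name == "include":           # nested terms count toward the same total
                used = count_lookups(arg, zone, used)
    if redirect and not has_all:            # redirect is ignored when "all" is present
        used = count_lookups(redirect, zone, charge(used, domain))
    return used
```

A receiver stops at the first matching mechanism, so a given message may cost fewer lookups than this count; an include loop ends in PermError because every hop is charged against the same limit.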
Frequently asked questions
What is the difference between ~all and -all?
-all (fail) tells receivers to reject mail from unlisted servers; ~all (softfail) suggests marking it suspicious instead. Start with ~all while testing, then move to -all once you are sure every legitimate sender is listed. Never use +all, which authorizes the entire internet.
Why is there a 10 DNS lookup limit?
The limit (RFC 7208) protects receiving servers from being used for DNS amplification and from slow evaluations. Each include, a, mx, ptr and exists mechanism and each redirect modifier costs one lookup, and includes count everything inside them recursively.
Can a domain have two SPF records?
No. Multiple TXT records starting with v=spf1 make SPF evaluation fail with permerror. Merge all mechanisms into a single record.