
Free SPF Record Checker

Enter your domain to see your current SPF record and which sending sources are authorized.

What is an SPF record?

SPF, or Sender Policy Framework, is a DNS record that lists every mail server authorized to send email on behalf of your domain. When a message arrives, the receiving server checks your SPF record to confirm the sending server is on your approved list. If it is not listed, the message fails SPF and may be sent to spam or rejected depending on your DMARC policy. SPF works alongside DKIM and DMARC to form the three-layer foundation of email authentication.

Enter your domain below to see your current SPF record, get a plain-language breakdown of every mechanism, and check your DNS lookup count against the ten-lookup limit.

Not sure what your SPF results mean?
Wolferdawg IT Consulting can audit your email authentication records, fix broken configurations, and keep your SPF record aligned with every service sending on your behalf.

SPF record lookup — common questions

What does a failing SPF record mean for my business email?

A failing SPF check means the server that sent your email is not listed as an authorized sender in your SPF record. Receiving mail servers may mark your message as spam, reject it, or flag it as a potential spoofing attempt. If your business recently added a new email platform, newsletter tool, or invoicing system and did not update your SPF record, that service will fail SPF on every message it sends on your behalf.

Why does my SPF record have a permerror or too many DNS lookups?

SPF has a hard limit of ten DNS lookups per evaluation. Every include: statement in your SPF record triggers at least one lookup, and a, mx, ptr, exists and redirect terms count toward the limit as well. If your record includes multiple email providers, each with their own nested includes, you can exceed the limit quickly. When you exceed ten lookups the result is a permerror, which many receiving servers treat the same as a fail. The fix is to flatten your SPF record by replacing nested includes with the specific IP ranges they resolve to. Flattened ranges do not update themselves, so the record has to be revised whenever a provider changes its sending IPs.

Can I have more than one SPF record for my domain?

No. You can only have one SPF TXT record per domain. If you publish more than one, the result is a permerror and SPF will fail for all messages sent from your domain. If you need to authorize multiple sending services, they all need to be combined into a single SPF record using include: statements or explicit IP ranges.
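
The ten-lookup limit and the single-record rule from the two answers above, as an added example (not this tool's code): a static checker run over a constructed zone with placeholder names. It counts every DNS-querying term, so the figure is a worst case; `ZONE`, `evaluate` and the other names are assumptions of this example.

```python
# Constructed sample zone (placeholder names): domain -> TXT strings at that name.
ZONE = {
    "example.com": ["v=spf1 mx include:_spf.mail.example include:news.example ~all",
                    "site-verification=constructed"],
    "flat.example": ["v=spf1 mx ip4:192.0.2.0/24 ip4:198.51.100.0/24 include:news.example ~all"],
    "_spf.mail.example": ["v=spf1 include:a.mail.example include:b.mail.example -all"],
    "a.mail.example": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "b.mail.example": ["v=spf1 ip4:198.51.100.0/24 -all"],
    "news.example": ["v=spf1 a mx exists:%{i}.rbl.example include:a.mail.example "
                     "include:b.mail.example include:c.news.example -all"],
    "c.news.example": ["v=spf1 a mx -all"],
    "dup.example": ["v=spf1 ip4:192.0.2.1 -all", "v=spf1 include:a.mail.example -all"],
}
LOOKUP_LIMIT = 10  # RFC 7208 section 4.6.4; the terms below each cost a DNS query
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")

class PermError(Exception):
    """Permanent error in the published SPF data."""

def spf_record(domain, zone):
    """Return the one SPF record at domain (None if absent); several is a permerror."""
    found = [t for t in zone.get(domain, []) if t.lower().split()[:1] == ["v=spf1"]]
    if len(found) > 1:
        raise PermError(f"{domain}: {len(found)} SPF records published")
    return found[0] if found else None

def count_lookups(domain, zone, chain=()):
    """Worst-case count: every DNS-querying term in the record and its includes."""
    if domain in chain:
        raise PermError(f"include loop at {domain}")
    record = spf_record(domain, zone)
    total = 0
    for term in (record or "").split()[1:]:
        # Strip the qualifier, treat redirect=domain like include:domain, drop a CIDR suffix.
        name, _, target = term.lstrip("+-~?").replace("=", ":", 1).partition(":")
        name = name.partition("/")[0].lower()
        if name in LOOKUP_TERMS:
            total += 1
            if name in ("include", "redirect"):
                total += count_lookups(target, zone, chain + (domain,))
    return total

def evaluate(domain, zone=ZONE):
    """Return (status, detail) for the lookup-limit and single-record checks."""
    try:
        n = count_lookups(domain, zone)
    except PermError as exc:
        return "permerror", str(exc)
    return ("permerror" if n > LOOKUP_LIMIT else "ok"), f"{n} lookups"
```

In the constructed zone, `example.com` totals 13 lookups and returns a permerror, while `flat.example`, the same policy with one include replaced by its IP ranges, lands on exactly 10 and passes.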

My emails are going to spam. Could SPF be the cause?

Yes. A missing, broken, or outdated SPF record is one of the most common reasons legitimate business email lands in spam folders. If your SPF record does not include all the services sending email on your behalf, those messages will fail authentication. Run a lookup with this tool to see your current record, then compare it against every platform you use to send email. Any service not listed is failing SPF on your behalf.

What is the difference between SPF softfail and hardfail?

An SPF record ending in ~all is a softfail. It tells receiving servers that messages from unlisted sources are suspicious but should still be accepted and possibly flagged. A record ending in -all is a hardfail, instructing receiving servers to reject messages from unlisted sources outright. Most businesses use softfail while they are building out their records, then move to hardfail once they are confident every legitimate sending source is included.