SPF Checker

SPF Tester - Prevent Spoofing & Improve Email Reliability through SPF Record Lookup

The check SPF record validation is done by validating the format of SPF records of the domain and determining if the data is valid and should be working.

How to validate and perform SPF lookup by using SPF Tester?

To validate or test the SPF records. Perform the following steps.

• Open the DNSChecker tool for SPF Checker & SPF Lookup.
• Enter the domain/host address in the space provided for that purpose and click the "SPF Record Validate" button.
• The tool will perform the SPF lookup to test the SPF record and validate the SPF record on the following checks.

1. Require the SPF record in the DNS so that it can validate it.
2. Check for multiple SPF records. It is not permitted to publish multiple SPF records.
3. Check the SPF string length. It has a 255 characters string limit.
4. When using SPF, it's only possible to perform 10 (nested) DNS lookups.
5. Check whether the PTR mechanism is used. It's not advised to use PTR as this is a deprecated one, and several senders may ignore the SPF record when this method is used.
6. The domain has published the SPF record in a DNS type "SPF".
7. Check for the "+all" mechanism. That means that anyone can send an email on your behalf. This setup is discouraged.
8. No items after the 'all' mechanism.

What is an SPF record?

SPF stands for Sender Policy Framework. It's a TXT record added to a domain DNS record for DNS info that specifies the IP addresses allowed to send emails on behalf of the domain. It enables the domain to announce the list of approved senders publicly.

The SPF record lookup does not validate against the From domain. Instead, it looks at the Return-Path to validate the originating server. Return-Path is the mailing address that receiving mail servers use to notify the problems like delivery problems to the sending mail servers. Therefore, your email can pass the SPF validation even if From address is fake. The only limitation is that the recipient sees the From address in its email client.

So if the message fails SPF validation, there is no guarantee that it will not be delivered. The receiving ISP (Internet Service Provider) makes the final decision. Therefore, an SPF record check is one of the many factors determining whether an email should be delivered. However, when verifying the From address, the DMARC check is relatively more reliable than SPF.

How does SPF record check help?

The battle against spam and email scam continues. With time, several standards have developed to stop that practices. Sender Policy Framework or SPF is one of those standards.

SPF record determines which email servers are authorized to send the email(s) on the domain's behalf. Results in preventing spoofing and phishing attacks against the email domain. The SPF record describes the DNS record in a particular format to list all the hosts allowed to send the emails on the domain's behalf.

An email can be delivered without SPF validation. Check SPF record is not a perfect solution or ultimate problem resolver. However, combined with DKIM and DMARC, it can improve your email delivery rate and prevent abuse.

How do SPF records work?

SPF check online is a relatively simple process. Suppose an email server receives the message and checks its Return-Path. Suppose that path is [email protected]. The following steps occur to perform the SPF lookup or validate the SPF record.

1. The receiving email server retrieves the SPF record from the DNS records for the domain example.com.
2. The receiving server then verifies the SPF record for all the IP addresses authorized to send an email(s) on behalf of the domain.
3. If the SPF check passes, the receiving server considers it a trusted email. It may be confident the message was sent from an approved sending server and will continue its processing.
4. If the SPF check fails, the message is considered illegitimate and processed as per the receiving server's failure process.

How to implement an SPF record on your domain?

Implementing an SPF record is an easy process. It's a TXT record that you need to add to your domain DNS record. One common mistake people usually make setting multiple SPF TXT entries in their DNS records, making it challenging for the receiving server to know which SPF record is the definitive one. That results in failing SPF check online.

So, whenever you want to add the SPF TXT record for the new server. Always make sure to delete the existing SPF record entry. Just add the new service to that entry.

Example of an SPF record

An SPF syntax looks like this: v=spf1 include:_spf.google.com ~all

v=spf1 is the version of the SPF record being used followed by one or mechanisms. The following mechanisms are checked left to right, specifying different rules on how SPF is checked for the domain.

Looking for more DNS tools on DNS Checker? Why do not you try our Reverse DNS Lookup, Domain Tester to check domain health, and DKIM Checker? All the DNS tools are top-notch and free!

The SPF record for some popular email services is as follows.

• AWeber

  v=spf1 include:send.aweber.com ~all
• Amazon SES

  v=spf1 include:amazonses.com ~all
• Fastmail

  v=spf1 include:spf.messagingengine.com ?all
• Gmail

  v=spf1 include:_spf.google.com ~all
• GoDaddy

  v=spf1 a mx include:secureserver.net ~all
• Sendgrid

  v=spf1 include:u123456.wl.sendgrid.net -all
• MailChimp

  v=spf1 include:spf.mandrillapp.com ?all
• Microsoft 365

  v=spf1 include:spf.protection.outlook.com -all
• Mailgun

  v=spf1 include:mailgun.org ~all
• Mailjet

  v=spf1 include:spf.mailjet.com ~all
• MailerLite

  v=spf1 include:_spf.mlsend.com ~all
• Rackspace

  v=spf1 include:emailsrvr.com ~all
• Zoho Mail

  v=spf1 include:zoho.com -all
• Zendesk

  v=spf1 include:mail.zendesk.com ?all