SPF Record Checker - Check SPF Record - SPF Record Lookup

Use SPF record checker to check if SPF has been set up correctly for a domain.

To learn how to implement SPF/DKIM/DMARC, check out this definitive, step-by-step guide:
How to Implement SPF/DKIM/DMARC to Prevent Email Spoofing/Phishing

Enter domain to check SPF record for, e.g., dmarcly.com
  Check SPF Record

Found SPF record in DNS:

SPF record resolution:

Flattened SPF record:

Mechanisms | Modifiers
Mechanism Explanation
all This mechanism always matches. It usually goes at the end of the SPF record.
include The specified domain is searched for a match. If the lookup does not return a match or an error, processing proceeds to the next directive.
ip4 The argument to the "ip4:" mechanism is an IPv4 network range. If no prefix-length is given, /32 is assumed (singling out an individual host address).
ip6 The argument to the "ip6:" mechanism is an IPv6 network range. If no prefix-length is given, /128 is assumed (singling out an individual host address).
a All the A records for domain are tested. If the client IP is found among them, this mechanism matches. If the connection is made over IPv6, then an AAAA lookup is performed instead.
mx All the A records for all the MX records for domain are tested in order of MX priority. If the client IP is found among them, this mechanism matches.
ptr The hostname or hostnames for the client IP are looked up using PTR queries. The hostnames are then validated: at least one of the A records for a PTR hostname must match the original client IP. Invalid hostnames are discarded. If a valid hostname ends in domain, this mechanism matches.
exists Perform an A query on the provided domain. If a result is found, this constitutes a match.
redirect For a modifier redirect=domain, the SPF record for domain replaces the current record.

Help on SPF record checker

The SPF record checker checks if an SPF record is published on a domain, and if the SPF record's syntax is correct.

Simply enter the domain in question, and it will fetch the SPF record (if any) from the DNS. After the record is returned, it:

  • checks if the SPF record syntax is correct;
  • makes sure the number of mechanisms and modifiers that do DNS lookups does not exceed ten;
  • "flattens" the returned SPF record into a list of plain IP addresses, so that you can check them one by one, in case it's necessary. This is helpful when you need to track down some gnarly SPF issues.

SPF is an email security protocol which checks if an email message is sent from a host on the whitelist specified by the domain's admin.

An SPF record is a TXT record published on the domain starting with "v=spf1". It specifies a list of IP addresses where email messages are allowed to sent on behalf of that domain.

An SPF mechanism is a way to specify a range of IP addresses. These mechanisms are available in SPF: IP4, IP6, A, MX, PTR, EXISTS, INCLUDE, and ALL.

An SPF qualifier specifies the result of a mechanism evaluation. These qualifiers are available in SPF: +, ?, ~, and -.

Here is an example SPF record:

v=spf1 include:_spf.example.com -all

This record allows any host with an IP address specified in the SPF record of _spf.example.com to send emails on behalf of a domain.

An SPF record check fetches the SPF record on a domain you entered, and performs various checks on its syntax, validity, and DNS lookups, to make sure your SPF record works as expected.