Phishsight
All Tools
Free SPF Tool

SPF Record
Checker & Validator

Check your domain's SPF record for free. Validate syntax, detect misconfigurations, and verify authorized email senders.

Enter a domain name without http:// or www (e.g., phishsight.com)

SPF Validation

Full syntax check and mechanism analysis

Lookup Count

Verify you're within the 10-lookup limit

Authorized Senders

See which servers are authorized to send

What is SPF?

Sender Policy Framework (SPF)

SPF is an email authentication protocol that allows domain owners to specify which mail servers are authorized to send email on behalf of their domain. It works by publishing a DNS TXT record that lists authorized sending IP addresses and mechanisms.

How SPF Works

  1. The domain owner publishes an SPF record in DNS (a TXT record)
  2. When an email is received, the receiving server checks the sender's domain SPF record
  3. The server verifies the sending IP against the authorized list
  4. Based on the result (pass/fail/softfail), the email is accepted, rejected, or flagged

Common SPF Issues

  • Too many DNS lookups: SPF allows a maximum of 10 DNS lookups. Exceeding this causes SPF to fail.
  • Using +all: This effectively authorizes any server to send email for your domain, defeating the purpose of SPF.
  • Missing include statements: Forgetting to include third-party senders (e.g., Google Workspace, Mailchimp) causes legitimate emails to fail SPF.
  • Using ~all vs -all: Softfail (~all) allows messages to still be delivered, while hardfail (-all) is stricter and recommended for better security.