Free SPF Record Checker
Enter a domain to look up its SPF (Sender Policy Framework) record. We'll show the policy and flag weak qualifiers like ?all or +all that allow spoofing.
What this SPF checker checks
This free SPF checker looks up the SPF record on the domain you enter and reports the policy it publishes, flagging weak qualifiers such as ?all (neutral) or +all (pass everything) that let anyone send mail as your domain. SPF is a DNS TXT record listing which servers are allowed to send email for your domain.
SPF is one leg of email authentication; complete the picture with the DMARC checker.
Why SPF matters
SPF tells receiving mail servers which IP addresses and services are authorised to send email on behalf of your domain. When it is set correctly, mail from unauthorised servers can be flagged or rejected, which cuts down on spoofing and improves the deliverability of your genuine mail.
A misconfigured SPF is worryingly common: a trailing +all undoes the whole record by authorising everyone, and forgetting to include a sending service (your email platform, CRM, or newsletter tool) can send your own legitimate mail to spam.
How to fix your SPF record
SPF lives as a single TXT record at your domain root, managed at your DNS host:
- Include every service that sends mail for you using include: mechanisms (for example your email host and any marketing tools).
- End the record with -all (hard fail) once you are confident every legitimate sender is listed, or ~all (soft fail) while testing.
- Never use +all, which authorises the entire internet to send as you, and avoid ?all in production.
- Keep to a single SPF record and stay within the 10 DNS-lookup limit, or the record can fail to evaluate.
Honest limits
This tool reads the published SPF record for the domain you enter and flags weak qualifiers. It does not fully expand every nested include to count lookups against the 10-lookup limit. Email authentication is part of the Quick Wins in a full free audit, which reports SPF, DMARC, and the rest together with AI fix instructions and a shareable PDF report.
Frequently asked questions
Is this SPF checker free?
Yes, free with no signup, up to 15 checks per hour.
What is the difference between -all and ~all?
-all is a hard fail that tells servers to reject unlisted senders; ~all is a soft fail that flags them. Use ~all while testing, then move to -all.
Why is +all dangerous?
+all authorises every server on the internet to send email as your domain, which completely defeats the purpose of SPF.
Where do I edit my SPF record?
At your DNS host, as a single TXT record at your domain root listing your authorised senders.
How does SPF relate to DMARC?
SPF authorises senders; DMARC decides what to do when mail fails. Check yours with the DMARC checker.