Free SPF Record Checker

Enter a domain to look up its SPF (Sender Policy Framework) record. We'll show the policy and flag weak qualifiers like ?all or +all that allow spoofing.

What is SPF?

SPF (Sender Policy Framework) is a TXT record on your apex domain that lists which mail servers are allowed to send email on your behalf. When a receiving server gets a message claiming to be from you@yourdomain.com, it checks the sending IP against your SPF record. If it doesn't match, the message can be rejected or marked as spam.

What we check

  • Record presence — a TXT record starting with v=spf1
  • Final qualifier-all (hard fail, strict), ~all (soft fail, recommended with DMARC), ?all (neutral, weak), or +all (permits everyone — disastrous)

How to fix

Publish a TXT record at your apex domain like v=spf1 include:_spf.google.com ~all(for Google Workspace) or v=spf1 include:spf.protection.outlook.com -all (for Microsoft 365). Use ~all when you want DMARC to do the enforcing, or -all for the strictest possible policy. Never use +all.

Related tools & guides

DMARC Checker

Check the DMARC policy on your domain.

SSL Certificate Checker

Inspect your TLS certificate and expiry.

Security Headers Checker

Check HSTS, X-Frame-Options, and other headers.