SPF Checker
Sender Policy Framework (SPF) defines which mail servers are allowed to send email on behalf of your domain.
Check your domainWhat is SPF?
SPF (Sender Policy Framework) is an email authentication method that uses a DNS TXT record to specify which mail servers are authorized to send email for a domain. Receiving mail servers check this record to verify whether an email should be trusted.
Why SPF matters
- Prevents email spoofing and phishing
- Improves email deliverability
- Required for DMARC enforcement
How SPF works
- An email is sent from a server claiming to be your domain
- The receiving server looks up your domain’s SPF record in DNS
- The sending server is compared against allowed sources
- The email passes or fails SPF based on the result
Example SPF record
v=spf1 include:spf.protection.outlook.com -all
This SPF record allows Microsoft 365 servers to send email for the domain and instructs receiving servers to reject all other sources.
Common SPF mistakes
- No SPF record published
- Too many DNS lookups (maximum is 10)
- Using
+all(allows anyone to send email) - Forgetting to update SPF when adding email services
SPF, DKIM, and DMARC
SPF works best when combined with DKIM and DMARC. SPF verifies the sending server, DKIM verifies the message integrity, and DMARC defines how failures should be handled.