SPF Record Checker

SPF (Sender Policy Framework) tells receiving mail servers which IP addresses are allowed to send email from your domain. Without it, anyone can forge your "From" address, and inbox providers have no way to tell the difference between your real emails and a phishing attack using your name. Gmail, Microsoft, and Yahoo now require SPF authentication — if your record is missing or broken, your emails are going to spam.

How SPF records work

An SPF record is a DNS TXT entry on your domain that lists every server authorized to send on your behalf. When a receiving server gets an email from your domain, it looks up your SPF record and checks if the sending server's IP is on the list. If it matches, the email passes SPF. If it doesn't, the server can reject it, flag it as spam, or let it through depending on your policy (the -all vs ~all setting at the end of the record). A typical SPF record looks like: v=spf1 include:_spf.google.com include:sendgrid.net -all.

Why this matters for email marketers

As of early 2024, Gmail and Yahoo require bulk senders (5,000+ emails/day) to have valid SPF, DKIM, and DMARC records. Even if you're below that threshold, SPF directly impacts whether your campaigns reach the inbox or the spam folder. A missing or misconfigured SPF record is one of the most common — and most fixable — causes of deliverability problems. Fixing it often produces an immediate, measurable improvement in inbox placement.

Common mistakes to avoid

The most frequent SPF mistake is exceeding the 10 DNS lookup limit. Every include, a, mx, and redirect mechanism in your record counts as one lookup, and the includes can be nested (an include that itself has 3 includes uses 4 lookups). Go over 10 and the entire record fails, which is worse than having no SPF at all. Use our SPF flattener if you're hitting the limit. Another common mistake is having multiple SPF records on the same domain — you can only have one TXT record starting with v=spf1. Finally, don't forget to include all your sending services: your email marketing platform, your transactional email provider, Google Workspace, and any other tool that sends email from your domain.

How to use this with your email workflow

Start by running your domain through this checker to see your current SPF status. If you don't have a record, use our SPF generator to create one. After publishing the record, verify it propagated with our DNS propagation checker — DNS changes can take up to 48 hours to spread globally. Once SPF is working, move on to DKIM and DMARC to complete the authentication trifecta. Check your overall deliverability score before and after to measure the impact.