Free SPF Record Checker & Validator

Q: How long can an SPF record be?

SPF records must be under 255 characters and should ideally stay under 200 characters to avoid DNS issues. Long records can be split using include mechanisms.

Check your SPF record instantly. Validate syntax, test DNS lookups (10-lookup limit), detect +all risks, and get copy-ready fixes for SPF errors. Free SPF syntax validator for email authentication.

Why SPF Matters

SPF (Sender Policy Framework) prevents email spoofing by specifying which IP addresses are authorized to send emails for your domain.

Anti-Spoofing

Prevents unauthorized senders from using your domain

Deliverability

Improves email delivery rates and inbox placement

Authentication

Works with DKIM and DMARC for complete protection

Reputation

Protects your domain's sending reputation

Live SPF Test

Enter a domain above to check its SPF record

Common SPF Risk Flags

Issues that can affect your email deliverability and security.

+all Mechanism

Allows any IP to send emails - major security risk

High Risk

10+ DNS Lookups

Exceeds RFC limit, may cause SPF failures

Medium Risk

Record Too Long

Over 255 characters may cause DNS issues

Medium Risk

PTR Mechanisms

Slow and unreliable, avoid if possible

Low Risk

SPF Best Practices

Follow these guidelines for optimal SPF configuration.

Use Hard Fail (-all)

Replace ~all with -all for stronger protection:

v=spf1 include:_spf.google.com -all

Minimize DNS Lookups

Use IP addresses instead of includes when possible:

v=spf1 ip4:192.168.1.1 ip4:192.168.1.2 -all

Flatten Complex Records

For complex setups, use SPF flattening services to reduce lookups.

Copy-Ready SPF Record

Generate an SPF record for common email providers

Select Your Email Provider

Google Workspace / Gmail Microsoft 365 / Outlook Mailgun SendGrid Mailchimp

Policy

Generated SPF Record

v=spf1 ~all

DNS Lookups: 0/10

Related Email Security Tools

Complete your email authentication setup with these tools.

DMARC Checker

Validate DMARC policies and alignment

DKIM Lookup

Find and validate DKIM selectors

Deliverability Test

Complete email security audit

Run a Full Email Security Audit

Check SPF, DMARC, DKIM, MTA-STS, and more in one comprehensive scan

Run Full Deliverability Test

Frequently Asked Questions About SPF Records

Common questions about SPF record validation, syntax checking, and email authentication implementation.

How long can an SPF record be?

SPF records must be under 255 characters per DNS TXT record limits. However, it's recommended to keep them under 200 characters to avoid potential DNS issues. If you need more space, use include mechanisms to reference other SPF records or consider SPF flattening services. Use our free SPF checker above to validate your record length.

Why is there a 10-DNS-lookup limit for SPF records?

The 10-DNS-lookup limit prevents infinite loops and reduces server load during SPF evaluation. Each include, a, mx, exists, and redirect mechanism counts toward this limit. To stay under the limit, use ip4/ip6 mechanisms when possible, or consider SPF flattening for complex configurations. Our SPF validator checks your DNS lookup count automatically.

What's the difference between ~all and -all?

~all (soft fail) suggests that emails from unauthorized IPs should be marked as suspicious but still delivered. -all (hard fail) instructs receiving servers to reject emails from unauthorized IPs. Start with ~all for testing, then upgrade to -all for stronger protection.

Can I have multiple SPF records?

No, you should only have one SPF record per domain. Multiple SPF records will cause validation failures. If you need to include multiple email sources, use include mechanisms or list multiple IP addresses in a single SPF record.

How long does SPF propagation take?

SPF records typically propagate within a few hours, but can take up to 48 hours for full global DNS propagation. Most email servers will see the changes within 1-4 hours. You can check propagation using DNS lookup tools.