SPF record: how to check and fix it
An SPF (Sender Policy Framework) record is a DNS TXT record that lists the servers and services allowed to send email for your domain. Receivers check it to detect forgeries. A missing, broken, or overly broad SPF record causes legitimate mail to fail authentication and land in spam. You fix it by publishing a single, accurate SPF record that includes every service that sends as you.
Check your domain now with the free DMARC checker — see your SPF, DKIM and DMARC status in seconds.
How to check your SPF record
Look up the TXT records on your root domain for one beginning with "v=spf1." You should have exactly one SPF record. A valid example is: v=spf1 include:_spf.google.com include:sendgrid.net ~all. The "~all" (softfail) or "-all" (hardfail) at the end tells receivers how to treat servers not listed.
Common SPF mistakes
The three most frequent errors are: publishing more than one SPF record (which invalidates SPF entirely), exceeding the limit of 10 DNS lookups (which causes a permerror), and ending with "+all" (which authorises the whole internet to send as you). Each of these silently breaks authentication.
SPF is only one third of the picture
SPF alone does not stop spoofing — it does not survive forwarding and it does not protect the visible From address. It must be combined with DKIM and a DMARC policy. Run the free checker to see SPF, DKIM and DMARC together, then get the exact records to fix any gaps.
Frequently asked questions
Can I have two SPF records?
No. A domain must have exactly one SPF record. Multiple SPF records cause a permerror and break SPF entirely — merge them into one.
What is the SPF 10-lookup limit?
SPF allows a maximum of 10 DNS lookups when evaluating includes. Exceeding it causes a permerror, so flatten or reduce includes to stay under the limit.
Fix this for your domain — free
Create a free account for the exact DNS records and 24/7 monitoring of your first domain, free forever.
Start free