SPF Record Checker & Validator
Look up and explain a domain's SPF record — every mechanism and the final policy — on our server.
This tool runs on our server. Because a browser can't perform this network lookup, the value you enter is sent to DevKit Labs to run the check — we don't store your queries. A local desktop version that runs from your own machine is planned.
About SPF Record Checker & Validator
Enter a domain to fetch its SPF record (the TXT record starting with v=spf1) and see it broken down mechanism by mechanism — which IPs, includes, a and mx hosts are authorised to send mail, each with its qualifier — plus the final catch-all policy (-all, ~all, etc.).
SPF helps prevent email spoofing by declaring who may send mail for your domain. Because browsers can't query DNS, the lookup runs on our server over DNS-over-HTTPS; we don't store the domains you check.
Explain an SPF record
example.com
v=spf1 include:_spf.google.com ~all → includes Google; softfail others
-all is the strictest ending; ~all (softfail) is common.
Frequently asked questions
What is an SPF record?
A TXT DNS record (starting with v=spf1) that lists which mail servers are allowed to send email for a domain — a core anti-spoofing mechanism.
What does ~all vs -all mean?
The 'all' mechanism is the catch-all. -all (fail) says reject anything not listed; ~all (softfail) says accept but mark it; ?all is neutral. -all is the strictest.
Why does the SPF 10-lookup limit matter?
SPF allows at most 10 DNS lookups (via include/a/mx/etc.). Exceeding it makes the record invalid, so keep includes to a minimum.
Why does this run on your server?
The SPF record lives in DNS, which a browser can't query, so we resolve it server-side over DNS-over-HTTPS. The domain you enter is sent to our server; we don't store it.