Skip to content
DevKit Labs

SPF Record Checker & Validator

Look up and explain a domain's SPF record — every mechanism and the final policy — on our server.

This tool runs on our server. Because a browser can't perform this network lookup, the value you enter is sent to DevKit Labs to run the check — we don't store your queries. A local desktop version that runs from your own machine is planned.

About SPF Record Checker & Validator

Enter a domain to fetch its SPF record (the TXT record starting with v=spf1) and see it broken down mechanism by mechanism — which IPs, includes, a and mx hosts are authorised to send mail, each with its qualifier — plus the final catch-all policy (-all, ~all, etc.).

SPF helps prevent email spoofing by declaring who may send mail for your domain. Because browsers can't query DNS, the lookup runs on our server over DNS-over-HTTPS; we don't store the domains you check.

Explain an SPF record

Input
example.com
Output
v=spf1 include:_spf.google.com ~all → includes Google; softfail others

-all is the strictest ending; ~all (softfail) is common.

Frequently asked questions

What is an SPF record?

A TXT DNS record (starting with v=spf1) that lists which mail servers are allowed to send email for a domain — a core anti-spoofing mechanism.

What does ~all vs -all mean?

The 'all' mechanism is the catch-all. -all (fail) says reject anything not listed; ~all (softfail) says accept but mark it; ?all is neutral. -all is the strictest.

Why does the SPF 10-lookup limit matter?

SPF allows at most 10 DNS lookups (via include/a/mx/etc.). Exceeding it makes the record invalid, so keep includes to a minimum.

Why does this run on your server?

The SPF record lives in DNS, which a browser can't query, so we resolve it server-side over DNS-over-HTTPS. The domain you enter is sent to our server; we don't store it.

Related tools

References