SPF record validator
Validate your SPF record: check syntax, count DNS lookups, and catch common mistakes before they cause email delivery failures.
Frequently asked
What is the 10-lookup limit and why does it matter?
RFC 7208 §4.6.4 limits SPF to 10 DNS lookups per evaluation. Each include:, a:, mx:, ptr:, and exists: mechanism counts as one lookup. Exceeding 10 causes a 'permerror' — recipients may reject your mail. Our validator counts your lookups and warns before you hit the limit.
What's the difference between -all, ~all, and ?all?
-all (hard fail): reject mail that doesn't match — strongest protection. ~all (soft fail): mark as suspicious but accept — good for testing. ?all (neutral): treat SPF as if it's not there — effectively disables SPF protection. +all: allow everything — never use this in production.
Why check SPF if my mail is working?
SPF failures are silent: you don't see the rejected mail. Spammers can forge your domain to send phishing emails that damage deliverability for everyone. A valid SPF record tells recipients which servers are legitimate, reducing the chance your domain gets blocklisted.
Should I use SPF, DKIM and DMARC together?
Yes. SPF authorises sending servers, DKIM cryptographically signs messages, and DMARC tells receivers what to do when emails fail both checks. All three together protect against spoofing and improve deliverability. See our DKIM and DMARC validators.
Secure your email with DNScale DNS
Built and operated in the EU. The same anycast network that powers this tool serves every DNScale-hosted zone.
Secure your email with DNScale DNS