Check your SPF record — free, in seconds
SPF mistakes are one of the top reasons legitimate emails end up in spam. Enter your domain below to instantly verify your SPF record is correct and complete.
Free. No signup required. Results include SPF, DKIM, DMARC, MX, and blacklist checks.
What is SPF and why does it matter?
SPF — Sender Policy Framework — is a DNS record that tells the world which servers are allowed to send email for your domain. Think of it as a guest list: if a server is not on the list, receiving mail servers know the email was not really sent by you.
Without SPF, anyone can send email that appears to come from your domain. Phishing attackers routinely exploit this. More practically, Gmail, Yahoo, and Outlook all use SPF as a major signal in their spam filters. A missing or broken SPF record silently tanks your deliverability — emails go to spam instead of the inbox, and you may never find out why.
Since Google and Yahoo made SPF a requirement for bulk senders in February 2024, any domain sending more than 5,000 messages per day to Gmail addresses must have a valid SPF record or face rejection. Even if you are not a bulk sender yet, fixing SPF now protects your brand and prevents spoofing attacks.
Common SPF mistakes
These are the issues our checker catches most often — and the ones most likely to cause deliverability problems.
How to read your SPF check results
Your SPF record exists, is syntactically valid, and the sending IP is authorized. No action needed.
SPF exists but has issues — like a ~all soft fail policy or approaching the 10-lookup limit. Should be addressed soon.
No SPF record found, or the record has a syntax error or exceeds the DNS lookup limit. Fix this immediately.
SPF record frequently asked questions
What is an SPF record?
SPF (Sender Policy Framework) is a DNS TXT record that lists which mail servers are allowed to send email on behalf of your domain. When a receiving mail server gets an email claiming to be from you, it checks your SPF record to verify the sending server is authorized. If the check fails, the email may be marked as spam or rejected. SPF is the first layer of email authentication and a prerequisite for DMARC.
How do I add an SPF record to my domain?
Log in to your domain registrar or DNS provider (e.g., Cloudflare, GoDaddy, Namecheap) and add a TXT record at the root of your domain (@) with a value like: v=spf1 include:_spf.google.com ~all. Replace the include with your actual email provider's SPF include tag — Google Workspace, Microsoft 365, Mailchimp, SendGrid, and others each publish their own. The ~all at the end means soft fail for emails from unlisted servers; -all means hard reject.
What happens to email sent without an SPF record?
Without SPF, receiving mail servers have no way to verify your emails are legitimate. Gmail, Yahoo, and Microsoft all factor SPF into spam scoring. Since Google and Yahoo made SPF a requirement for bulk senders in February 2024, any domain sending more than 5,000 messages per day to Gmail addresses must have a valid SPF record — or face rejection. Even if you are not a bulk sender yet, fixing SPF now protects you as you grow and prevents spoofing attacks.
How many DNS lookups can an SPF record have?
The SPF specification (RFC 7208) enforces a hard limit of 10 DNS lookups per SPF check. Each include:, a:, mx:, exists:, and redirect= mechanism that requires a DNS lookup counts toward this limit. If your record exceeds 10 lookups, receiving servers return a permerror result — which most treat the same as a failure. This is a common problem for companies that use multiple email services (Google Workspace plus Mailchimp plus Salesforce plus Zendesk, for example). Use an SPF flattening service or consolidate your includes to stay under the limit.
Ready to check your SPF record?
MailScore checks SPF alongside DKIM, DMARC, MX, and blacklists — so you get a complete picture in one scan.
Also check these related tools: