SSL Monitoring Ping Monitoring Port Monitoring Domain Monitoring TCP Monitoring Keyword Monitoring Cron Monitoring API Monitoring SLA Monitoring
Status Pages Status Badges Is Website Down? API MCP Server
For SaaS Teams For Agencies For E-commerce For DevOps For Startups For Hosting Providers For Developers
<- Back Home Pricing Status Pages Status Badges API MCP Server Is Website Down? Website Errors Free Tools

Free email tool

SPF Checker

Validate your SPF record, count its DNS lookups, and catch a too-permissive policy before it hurts your delivery.

Try , ,

Checks run in your browser over Google public DNS-over-HTTPS (Cloudflare as fallback). Nothing you enter is sent to Pulsetic.

Email authentication only protects you while the records are right. Pulsetic monitors your domain and certificates around the clock.

What is an SPF record?

SPF (Sender Policy Framework) is a TXT record, beginning v=spf1, that lists which servers are allowed to send email for your domain. A receiving server reads it and decides whether a message came from an authorized source. Without SPF, anyone can forge mail from your domain.

The record ends in an all mechanism that says what to do with everything not matched: -all rejects it, ~all marks it as a soft fail, ?all stays neutral, and +all allows anything, which defeats the point.

The 10-lookup limit that breaks SPF

Every a, mx, ptr, exists, include and redirect in your SPF costs a DNS lookup, and SPF allows at most 10 in total, counting the ones inside each include you reference. Go over and receivers return a permerror, which can fail your SPF entirely.

This is the single most common reason SPF silently breaks as you add senders. The checker above expands your includes and counts the real total, so you can see how close to the limit you are before mail starts failing.

Check it from the terminal

Prefer the command line? This reads the same record the checker validates:

dig example.com TXT +short # look for the line starting v=spf1

Frequently asked questions

  • What is an SPF record?

    An SPF record is a TXT record starting with v=spf1 that names the servers allowed to send email for your domain. Receivers use it to tell genuine mail from forgeries.

  • What is the SPF 10-lookup limit?

    SPF may use at most 10 DNS lookups to evaluate, counting every a, mx, ptr, exists, include and redirect, including those nested inside your includes. Exceeding it causes a permerror that can fail SPF for all your mail.

  • What is the difference between ~all and -all?

    Both cover senders not otherwise authorized. -all is a hard fail asking receivers to reject them; ~all is a soft fail asking receivers to accept but mark them. -all is stricter; ~all is common while you are still confident your record is complete.

  • Why is my SPF failing?

    The usual causes are too many DNS lookups (over the limit of 10), more than one SPF record on the domain (only one is allowed), or a sending service missing from your includes. The checker flags each of these.

  • Can I have two SPF records?

    No. A domain must publish exactly one SPF record. Two or more cause a permerror; merge them into a single v=spf1 line with all the needed includes.

  • How does this SPF checker work?

    It looks up your domain TXT records over DNS-over-HTTPS in your browser, finds the v=spf1 line, then expands every include and redirect to count the real DNS lookups against the limit of 10 and grade the all qualifier. Nothing you enter is sent to a server.

  • What does an SPF record look like?

    A simple one is v=spf1 include:_spf.google.com ~all, which lets Google send mail for your domain and soft-fails everything else. Each ip4, ip6 and include adds an authorized source, and the trailing all mechanism sets the policy for everyone not listed.

Stay online, all the time, with Pulsetic's uptime prime.

By Designmodo

Designmodo Inc. 169 Madison Ave, #79627, New York, NY 10016, United States

Copyright © 2010-2026

Hey there 👋  Friends from designmodo are here to help!
More Products Start a Chat...