Email SPF Policy Checker

Check SPF (Sender Policy Framework) records for email authentication and deliverability

SPF Examples

SPF Policy Check

Understanding SPF for Email

SPF Mechanisms

ip4/ip6: Authorize specific IP addresses or networks
a/mx: Authorize servers from A or MX records
include: Include another domain's SPF policy
all: Final policy decision (+pass, ~soft fail, -hard fail)

Email Deliverability

  • Hard Fail (-all): Best security, blocks unauthorized senders
  • Soft Fail (~all): Marks suspicious, doesn't block delivery
  • No SPF: High spoofing risk, may affect deliverability
  • Too many lookups: Can cause delivery failures

Best Practices

  • Use -all for hard fail when possible
  • Keep DNS lookups under 10 (preferably under 5)
  • Test SPF changes before deployment
  • Monitor email delivery after SPF changes

Common SPF Examples

v=spf1 include:_spf.google.com ~all Use Google Workspace with soft fail
v=spf1 ip4:192.168.1.1 -all Only allow specific IP with hard fail
v=spf1 a mx -all Allow A and MX record servers with hard fail