ccnames.dev

cnames.dev / tools / spf checker

SPF Checker

Validate your SPF record, count DNS lookups against the 10-lookup limit, and flag common mistakes.

What SPF does

SPF (Sender Policy Framework) is a DNS TXT record that declares which servers may send email for your domain. When a receiver gets a message, it checks the sending IP against your SPF record. SPF is one of the three pillars of email authentication alongside DKIM and DMARC.

The 10-lookup limit

SPF is capped at 10 DNS lookups during evaluation. Each include, a,mx, ptr, exists, and redirect mechanism costs one. Go over and receivers return a permerror — SPF fails even for legitimate mail. The tool above counts your lookups so you can stay under the limit; if you're close, consolidate includes or use SPF flattening.

The "all" mechanism

Common SPF mistakes

Building a SaaS that needs custom domains? cnames.dev automates DNS, SSL, and edge routing — one API call per domain, free for 25 domains. Start free or read the docs.

Frequently asked questions

What is an SPF record?

A DNS TXT record starting with v=spf1 that lists which servers are allowed to send email for your domain. Receivers check it against the sending server's IP.

What is the SPF 10-lookup limit?

SPF evaluation may perform at most 10 DNS lookups (from include, a, mx, ptr, exists, redirect). Exceeding it causes a permerror and SPF effectively fails, so keep includes lean or use flattening.

Should I end my SPF record with ~all or -all?

-all (hard fail) tells receivers to reject unlisted senders; ~all (soft fail) marks them suspicious. Use -all once you are confident every legitimate sender is listed; ~all is a safer interim.

Can I have more than one SPF record?

No. A domain must publish exactly one v=spf1 record. Multiple SPF records cause a permerror. Merge them into one.