SPF Record Check | SPF Checker

Overview

The value of an SPF record check

Sender Policy Framework, or SPF, is an email authentication technique that helps protect email senders and recipients from spam, phishing and spoofing. SPF enables receiving mail servers to authenticate whether an email message was sent from an authorized mail server – but only when the domain owner's SPF record is valid.

Mimecast DMARC Analyzer provides a free SPF record check that can validate an SPF record by simply entering a domain name. Within seconds, you can receive a report that displays your DNS record and parses your SPF record, identifying any problems with it. Mimecast's SPF record check can also validate any updates you applied to your record. It is strongly recommended to carefully test updates with an SPF record check before applying them to a DNS record.

SPF Record Checker

Use the SPF record checker to validate your SPF records

In order to implement SPF you will need to have a valid SPF record. Mimecast DMARC Analyzer provides an SPF Record Checker to validate your SPF record.

We can also pre-validate an update you intend to apply to your record to prevent post-update issues. We recommend you to carefully test any updates to your SPF records before applying them.

The SPF checker searches for an SPF record, displays the SPF record present, and validates the record, highlighting any errors found within it.

SPF Results for domain:

Would you like your results emailed to you?

Congratulations!

Your form has been submitted.

Explainer

The SPF Record Checker Will Validate SPF Records On:

SPF record existence
Logically we require a SPF record in your DNS so we can validate it.

Multiple SPF records in DNS
You can only have 1 SPF record in DNS for each SPF version. If you publish multiple SPF records (v=spf1), this will invalidate your SPF record. Therefore, you should always update your SPF record rather than entering a new record beside the existing one.

Maximum Lookups
When using SPF, you can only perform 10 (nested) DNS lookups.

PTR Mechanism Used
We recommend not to use PTR as this is a deprecated mechanism and several senders may (completely) ignore your SPF record if you use this.The function of a PTR record is the opposite of an A record. Instead of resolving a domain name to an IP address, the PTR record resolves an IP address to a domain name. The PTR mechanism validates if the DNS reverse-mapping for an <ip> exists and if it’s able to point to a domain name within a particular domain. The PTR mechanism is slow and not as reliable in comparison with other mechanisms in case of DNS errors therefore we strongly recommend to not use the PTR mechanism.

Unknown Parts Found:
We have detected content which is not in the SPF specification.

+All Mechanism Used
If you use the mechanism ‘all’ with a “+” qualifier this means you essentially allow anybody to send email on your behalf. The record will first try to match the sending source to another mechanism. If this fails, the default behaviour is to still allow this source. Therefore, this setup is discouraged.

Invalid Macro
Our SPF record checker will try to validate SPF macro’s you use. Using some example data, we will give examples of the lookups receivers may perform based on your macro setup.

Record Termination Missing
An SPF record should always have a ‘default’ fall back mechanism. This can either be an ‘all’ mechanism or a ‘redirect’ modifier. We check if you end your SPF record with either of these.

Multiple Fall back Scenarios
A SPF record should have 1 fall-back scenario. You have defined multiple.

DNS Type “SPF” Used
You have published your SPF record in a DNS type SPF. This DNS type ‘SPF’ (/99) was introduced in RFC 4408 in 2006. However, this type became obsolete following RFC 7208 which states: SPF records MUST be published as a DNS TXT (type 16) Resource Record (RR)

Uppercase SPF
You used uppercase characters in your SPF record. Although it is not a requirement, it is a best practice to publish your SPF records in lowercase.

After running your SPF record through all these checks, you can safely update your SPF record in your DNS!

FAQs

What is SPF (Sender Policy Framework)?

Sender Policy Framework, or SPF, is a technique for authenticating email that enables the owner of a domain to specify which mail servers or IP addresses are used to send mail. Receiving mail servers can determine whether an inbound email is legitimate or not by comparing the "envelope from" address in the email header to the list of IP addresses published by the domain.

What is a SPF check?

When an email message is sent, the receiving mail server can perform an SPF check to verify that the IP in the "envelope from" address in the message's header matches the IP addresses listed in the domain's SPF record in the DNS. If the SPF check is successful, the message is sent onto the recipient. If the SPF check fails, that information can help the receiving mail server to determine whether the message should be delivered in the inbox, sent to the spam folder or needs to be blocked.

What is an SPF record?

An SPF record is a list of authorized mail servers that is published in the Domain Name Service (DNS). When receiving an email, a mail server can check the IP addresses in the SPF record. If the IP address in the email header isn't listed in the SPF record, the email may be considered illegitimate and may be rejected.

What is an SPF record check?

An SPF record check is a diagnostic tool that looks up the SPF record for a domain, displays the record and runs tests to uncover any errors within the record that could adversely impact email delivery. Mimecast offers a free SPF record check as well as a free DMARC record check and a free DKIM signature check service.

How does SPF authentication work?

The SPF TXT record is a DNS record that helps prevent spoofing and phishing by verifying the domain name from which email messages are sent. SPF validates the origin of email messages by verifying the sender's IP address against the so-called owner of the sending domain. Domain managers publish SPF information in TXT records in the DNS. The SPF information identifies authorized outgoing email servers. Target email systems verify that messages originate from authorized outbound email servers.