What is SPF and Why Does It Matter?
SPF (Sender Policy Framework) is a DNS record that tells receiving mail servers which IP addresses are authorized to send email on behalf of your domain. Without a valid SPF record, your emails are far more likely to land in spam folders — or be rejected entirely.
In 2026, SPF remains one of the three pillars of email authentication, alongside DKIM and DMARC. Major providers like Gmail and Outlook require all three for optimal deliverability.
How to Check Your SPF Record
The fastest way to check your SPF record is using our free mailcheck tool. Just enter your domain and get an instant SPF analysis. But if you want to check manually:
Using dig (Command Line)
dig TXT yourdomain.com
Look for the record starting with v=spf1. You should have exactly ONE SPF record per domain — having multiple SPF records will cause failures.
Using our API
curl https://korpo.pro/api/v1/check/yourdomain.com
Returns a structured JSON with your SPF record, includes, redirects, and any issues found.
Common SPF Problems We Detect
1. Multiple SPF Records
This is the #1 SPF error. Having two separate TXT records starting with v=spf1 causes a permerror — most receivers will fail the SPF check entirely. This often happens when adding a new mail provider (like Mailchimp) without merging records.
Fix: Combine all mechanisms into a single record:
v=spf1 include:_spf.google.com include:mailchimp.com ~all
2. Using ~all Instead of -all
~all (softfail) means "emails from unauthorized IPs should be marked suspicious but accepted." -all (hardfail) means "reject unauthorized emails." For best security, use -all. For best compatibility while transitioning, start with ~all and switch to -all after testing.
3. Too Many DNS Lookups
The RFC limit is 10 DNS lookups per SPF evaluation. Each include: or redirect= uses a lookup. If you exceed 10, the check returns permerror. Use our SPF checker to see how many lookups your record requires.
4. Missing 'all' Mechanism
An SPF record without an all mechanism defaults to ?all (neutral), which provides no protection. This is a common issue with records using only redirect=.
SPF Record Syntax Reference
| Mechanism | Meaning |
|---|---|
ip4:1.2.3.4 | Authorize an IPv4 address |
include:_spf.google.com | Inherit authorized IPs from another domain |
a | Authorize the domain's A record IPs |
mx | Authorize the domain's MX record IPs |
~all | Softfail — mark but accept |
-all | Hardfail — reject unauthorized |
Test Your SPF Record Now
Enter your domain in our free checker below and get an instant SPF analysis with actionable recommendations.
Also check: Gmail SPF · Microsoft SPF · ProtonMail SPF · Email Header Analyzer