Email Security Tool

SPF Checker

Find the SPF TXT record for a domain and review common policy signals. This does not replace a full mail-flow or deliverability diagnosis.

Check SPF

Enter a domain to check SPF.

Raw JSON

What the results mean

A normal SPF policy starts with v=spf1. Broad mechanisms such as +all can be risky, while too many includes can hit SPF lookup limits.

How to use this tool

Enter the organizational domain.
Review whether exactly one SPF record exists.
Check DMARC after SPF so receiver policy is also visible.

FAQ

Does SPF stop spoofing by itself?

No. SPF is one signal. DMARC alignment and DKIM also matter.

Is `~all` bad?

Not automatically. It is a soft-fail policy and may be intentional during rollout.

Can this validate every include?

No. This first pass highlights the root SPF record and obvious structure signals.