Free SPF record checker · Instant · No signup
SPF Record Checker
Validate your SPF record instantly. Domain Doctor checks for a single valid record, the 10-DNS-lookup limit, and whether your policy actually blocks spoofed mail.
VASTROX HOSTING · EMAIL · DNS · SSL
Want VASTROX to fix every issue above — for you?
Don't fix it alone. Our team configures your SPF, DKIM, DMARC, SSL, DNS and security headers correctly, then hosts you on fast NVMe infrastructure so your domain scores an A and stays there.
- Every failing check fixed and verified
- Hosting, business email, DNS & SSL under one roof
- Free migration from your current provider
What this checks
SPF (Sender Policy Framework) lists which servers are allowed to send email for your domain. Receivers check it to decide whether a message is legitimate. Get it wrong and your real mail lands in spam — or spoofed mail sails through.
Domain Doctor confirms you have exactly one v=spf1 record, counts your DNS-querying mechanisms against the RFC 7208 limit of ten, and checks your terminal qualifier. -all (hard fail) is strongest; ~all (softfail) is acceptable; +all offers no protection at all.
Common SPF Record Checker errors
- Two SPF records (causes a PermError — SPF fails completely)
- More than 10 DNS lookups from nested includes
- Ending in +all, which authorises every sender on the internet
- Using the deprecated ptr mechanism
- Forgetting to include a new email provider after migrating
VASTROX EMAIL SECURITY
A clean, valid SPF record — done for you
We consolidate every sender into one record, keep you under the 10-lookup limit, and end it in -all so spoofers are blocked.
- One valid SPF record, no PermErrors
- Flattened to stay under the 10-lookup limit
- Hardened to -all without breaking real mail
Trusted by businesses for hosting, VPS, business email & game servers · Free migration · Real support
Frequently asked questions
How many SPF records should I have?
Exactly one. Multiple v=spf1 records make SPF fail. Merge all mechanisms into a single TXT record.
What is the SPF 10-lookup limit?
SPF allows a maximum of 10 DNS-querying mechanisms (include, a, mx, ptr, exists, redirect). Exceed it and SPF returns PermError, so legitimate mail can fail.
Should SPF end in -all or ~all?
-all (hard fail) gives the strongest anti-spoofing protection. ~all (softfail) is acceptable while you confirm every sender is listed. Never use +all.