Email
LIVE
SPF Lookup
Verify the SPF record for email authentication and prevent spoofing
usage:
spf-lookup --domain What is SPF Lookup?
SPF Lookup verifies the SPF (Sender Policy Framework) record of a domain, an email authentication mechanism that specifies which servers are authorized to send mail on behalf of the domain. It analyzes the record syntax, identifies authorized servers, and flags configuration errors.
Frequently Asked Questions
What is an SPF record? +
SPF is a TXT record in DNS that lists the IP addresses and servers authorized to send email for a domain. It helps receiving servers identify forged (spoofed) emails.
How do I create an SPF record? +
Add a TXT record in your domain's DNS zone with syntax like: v=spf1 include:_spf.google.com ~all. The main mechanisms are ip4, ip6, include, a, mx.
What do ~all, -all, and ?all mean? +
~all (softfail) flags but does not reject, -all (hardfail) rejects unauthorized emails, ?all (neutral) takes no position. ~all or -all is recommended for maximum protection.
How many DNS lookups can an SPF record perform? +
The limit is 10 DNS lookups (include, a, mx, redirect each count as a lookup). Exceeding this limit causes a permerror and the SPF record is ignored.
Is SPF enough to protect emails? +
No, SPF alone is not sufficient. It should be combined with DKIM (digital signature) and DMARC (alignment policy) for complete email protection against spoofing and phishing.
How do I test if my SPF is correct? +
Use SPF Lookup to analyze the syntax, verify the mechanisms, and check that it does not exceed the 10 DNS lookup limit.