SPF Record Evaluator

Analyze SPF (Sender Policy Framework) records with recursive expansion of includes and redirects. Check DNS lookup limits and identify potential policy issues.

SPF Examples

SPF Evaluation

Domain Name

Understanding SPF Records

SPF Mechanisms

all: Matches all addresses (use carefully)

ip4/ip6: Matches specific IP addresses or ranges

a/mx: Matches A or MX record addresses

include: References another domain's SPF record

redirect: Redirects to another domain's SPF record

SPF Qualifiers

+ (Pass): Explicitly allow

- (Fail): Explicitly deny

~ (Soft Fail): Mark as suspicious

? (Neutral): No explicit policy

DNS Lookup Limits

SPF has a limit of 10 DNS lookups to prevent infinite loops and reduce load. This includes:

Each include mechanism
Each a, mx, exists, ptr mechanism
Lookups from redirect modifiers

Best Practices

Keep DNS lookups under the 10-lookup limit
End with -all or ~all for security
Use IP addresses when possible to reduce lookups
Avoid excessive nesting of includes
Regularly audit and update SPF records

NetoStack

SPF Record Evaluator

SPF Examples

google.com

github.com

mailchimp.com

salesforce.com

microsoft.com

atlassian.com