Primary use
SPF lookup
Check the live SPF record before and after DNS changes or provider migrations.
Free SPF checker
Run a free SPF checker to inspect the live Sender Policy Framework record for any domain. Use this SPF lookup tool to validate the active policy, review mechanisms, count DNS lookups, and spot issues before sender changes hurt deliverability.
Run a free SPF lookup
Enter the root domain used for sending. This SPF checker returns the visible policy, a flattened view when available, a lookup count, and clear warnings or errors.
Best fit
SPF issues often appear after senders are added or retired. This page is strongest when you need one clear answer about the sender policy before traffic increases.
Upgrade path
Manual SPF checks are useful, but production teams usually need recurring verification and a shared trail of sender-domain changes.
Primary use
Check the live SPF record before and after DNS changes or provider migrations.
Critical signal
See how close the policy is to SPF DNS recursion limits before it becomes a production problem.
Output
Review the senders, includes, and qualifiers that define authorization for the domain.
Next step
Pair SPF checks with DKIM, DMARC, and header analysis when sender trust matters.
What this checks
The useful output is not just whether a record exists. It is whether the policy is valid, maintainable, and likely to authorize every real sender path without exceeding lookup limits.
Record
Live policy
Inspect the exact SPF record currently visible in DNS.
Flattened
Expanded view
Review a flattened policy shape when nested includes make maintenance harder.
Lookups
Budget check
Track DNS recursion complexity before receivers begin returning SPF errors.
Mechanisms
Sender map
See the includes, IPs, and qualifiers that actually define authorized sending paths.
SPF record anatomy
The record needs to represent the actual systems that send mail for the domain. Review includes, IP mechanisms, MX or A mechanisms, qualifiers, and the final all policy before tightening enforcement.
Includes
Vendors
Confirm every included provider still sends legitimate mail for the domain.
IP mechanisms
Direct senders
Verify explicit IP authorizations match current infrastructure.
All policy
~all / -all
Use the final qualifier to match rollout confidence and enforcement intent.
Alignment
DMARC context
Validate SPF with real headers so DMARC alignment is confirmed too.
Operational use
Searchers usually need an SPF checker because the sender policy is changing or because inbox trust is in question. Treat this as a change-control step, not a passive curiosity tool.
Capture the live sender policy and lookup count before editing anything so rollback decisions are grounded in a known baseline.
Re-run the SPF lookup after cutover to confirm the new sender path is live and old includes have not left unnecessary complexity behind.
Use SPF results with DKIM, DMARC, and header analysis when a message path suddenly loses trust or fails alignment.
MailSlurp workflow
MailSlurp helps teams connect SPF lookups to DKIM, DMARC, DNS propagation, header inspection, inbox placement, and recurring domain-health monitoring.
Check SPF before campaigns, sender migrations, provider cutovers, and template releases that change the mail path.
Compare SPF with headers, DKIM, DMARC, blacklist status, and inbox placement when deliverability drops.
Retest after propagation and monitor the domain so include-chain or policy drift does not return later.
Generate a cleaner SPF record when the current policy needs to be rebuilt or simplified.
Open toolValidate selector records alongside SPF so sender auth is reviewed as a full stack.
Open toolPair SPF results with DMARC policy validation when alignment and enforcement matter.
Open toolConfirm real messages show the SPF verdict you expect in Authentication-Results.
Open toolThis SPF checker and SPF lookup tool checks whether a domain publishes an SPF record, shows the live policy, expands a flattened version, counts DNS lookups, and highlights warnings that can break sender authorization.
SPF evaluation has a DNS lookup budget. Complex include chains can exceed the RFC limit and cause legitimate email to fail or softfail in receiving systems.
Both. Check the current posture before a migration so you know the baseline, then re-run the SPF lookup after publishing the new record to confirm the expected senders and qualifiers are live.
No. SPF is one part of email authentication. Production sender posture is stronger when SPF, DKIM, and DMARC are reviewed together and then validated in real message headers.
Multiple SPF records usually happen when separate tools or vendors each publish their own TXT policy. Receivers expect one SPF policy, so teams should consolidate providers into a single maintainable record.
Check the live SPF record, inspect lookup count and includes, send a real message, then confirm the Authentication-Results header and DMARC alignment match the intended sender path.