SPF Validator and Raw Checker

Q: How to correct a failed SPF record message?

There are two types of SPF failures: authentication and alignment. For authentication, add the sending IP address to your domain’s SPF record. For alignment, ensure the return-path address matches the From: address. Contact your ESP if alignment settings aren't configurable by default.

Q: Where do I set up my SPF record?

List all mail servers that send emails for your domain, generate your SPF record, and publish it in your DNS zone settings.

Q: I’ve published my SPF records. What’s next?

After publishing SPF, implement DKIM, then proceed with DMARC setup. Use EasyDMARC to configure 'rua' and 'ruf' tags and begin receiving DMARC reports to enhance email security and visibility.

Verify and validate the SPF record for your domain.

Refine Your SPF Email Authentication

With EasyDMARC’s SPF record validator, you can run an SPF syntax check, ensure a passing raw result, and accurately verify your SPF record before publishing to your DNS. This advanced tool provides a comprehensive analysis of any SPF record, identifying gaps, errors, or misconfigurations that may compromise your email authentication.

Enter your domain name and SPF record, click “Validate SPF Record” and EasyDMARC will provide quick results to help you fix your SPF records before they cause any issues. Try EasyDMARC’s SPF Record Validator today, for free.

What is an SPF Record Validator?

EasyDMARC’s SPF Record Validator tool allows you to check whether your SPF record is valid or not before publishing it in your DNS to avoid any typos and/or misconfiguration.

It checks for syntax errors, validates the record's elements, and checks for previously published SPF records. Our SPF record testing tool also advises on optimizing the SPF record for better performance.

What Needs to be in an SPF Record?

Your SPF record should include the domains and IP addresses of all services that send emails from your domain, such as your own mail server, third-party services, or a combination of both.

If you are using Google Workspace, you should include a reference to Google Workspace in your SPF record. The SPF record should also include any applicable modifiers, such as "include" or "redirect" commands, to specify how to handle mail from other sources.

SPF tags and their definitions

TAG	TAG DESCRIPTION
v (required)	The version tag. is the only allowed value is "spf1". If it's incorrect or the tag is missing, the SPF record will be ignored.
IP4	This tag should include all the IPv4 addresses that are allowed to send emails on behalf of the domain.
IP6	This tag should include all the IPv6 addresses that are allowed to send emails on behalf of the domain.
a	The A record tag allows the SPF to validate the sender by the domain name's IP address. If left unspecified, it takes the value of the current domain.
mx	The MX record tag checks the MX record of the mail server(s). If left unspecified, it takes the value of the current domain.
ptr (Not recommended)	The PTR tag prompts a PTR check for client IP hostname(s). It's a not recommended tag as per RFC 7208, because it spends too many DNS lookups.
exists	The exists tag checks if an A record exists or not on the mentioned domain.
include	The include tag is of top importance for a correct SPF record. Listing all your sending sources under this tag lets the recipient know that you verify all the added domains/subdomains as legitimate sources.
all (required)	All is a required tag. It should be placed at the end of the SPF record. Depending on the qualifiers used (~, +, -, ?), this mechanism indicates how the recipient should treat emails from non-authorized sources.
Redirect	The "Redirect" mechanism allows a domain to delegate its SPF authentication to another domain by specifying the redirected domain in the SPF record.

How to correct a failed SPF record message?

There are two common SPF failures: failing authentication or failing alignment.

For Authentication failures, whitelist the IP address of your mail server in the sender domain’s SPF Record. For Alignment failures, ensure that the return-path address matches the From: address used for outgoing emails.

In most cases, you need to get in touch with your ESP in use to fix these failures. Some providers allow customers to achieve alignment by default, while others will let you activate it from the given portal. However, some providers don’t provide SPF alignment at all.

Where do I set up my SPF record?

The point of implementing SPF is to identify which mail servers you use to send emails from your domain. After making a list of your sending domains, generate your SPF record and publish it in your DNS.

I’ve published my SPF records. What’s next?

The next step is to implement your DKIM records properly. After that, you’ll be ready for DMARC deployment. Use EasyDMARC's cloud-native platform to set up your “rua” and “ruf” tags. At this stage, you’ll start receiving DMARC reports. Going through these reports carefully and ensuring DMARC enforcement will propel your domain infrastructure to new heights while guaranteeing you and your IT team some well-deserved peace of mind.

Explore All EasyDMARC Tools To Improve Your Domain
Security and Email Deliverability

Lookup tools

Generator tools