Paste an SPF DNS record into the input field to check if it is valid.
Validation Success
SPF is an email standard for authorizing hosts to send emails from a specific domain. Most email servers, such as Gmail or Outlook, require SPF for security reasons, since without it, it is easy to spoof email addresses.
SPF is defined with a TXT record on the email domain. It must start with "v=spf1" (to differentiate it from other TXT records), and after that contains a set of mechanisms and modifiers (together called terms), separated by space.
Mechanisms are colon-separated key-value pairs, whose primary purpose is to define which IPs are allowed to send emails from the domain. The most used mechanisms are:
- include: Includes the SPF definition from the specified domain
- a: Allows emails from the specified domain
- mx: Allows emails from the IP addresses specified in the MX records
- ipv6 / ipv6: Allows emails from the specified IP address
By default, mechanisms allow the specified IPs to send emails. You can add a qualifier, such as ~ or - to prohibit them instead.
Often, you would include some IP addresses (using e.g. the include, a and mx mechanisms), and end with -all or ~all to reject emails from everywhere else. If the all mechanism is used, it must come after the other mechanisms.