Parse, validate, and flatten SPF (Sender Policy Framework) records with this free tool. Enter a domain name to fetch its live SPF record via DNS, or paste an SPF string directly. The parser breaks down each mechanism (ip4, ip6, include, a, mx, redirect, exists), validates syntax against RFC 7208, and warns about the 10 DNS lookup limit. Use it to debug email deliverability issues, audit sender authorization, or prepare SPF records before publishing.
include, a, mx, ptr, exists, and redirect.
include:domain
Include another domain's SPF (DNS lookup)
ip4:address/prefix
Authorize IPv4 address or range
ip6:address/prefix
Authorize IPv6 address or range
a[:domain]
Authorize A records (DNS lookup)
mx[:domain]
Authorize MX records (DNS lookup)
all
Match everything (usually last)
exists:domain
Check if domain resolves (DNS lookup)
redirect=domain
Use another domain's SPF instead
SPF (Sender Policy Framework) is a DNS TXT record that specifies which mail servers are authorized to send email on behalf of your domain. When a receiving server gets an email, it checks the SPF record to verify the sending server is allowed. A properly configured SPF record helps prevent email spoofing and improves deliverability.
SPF flattening replaces include: and redirect= mechanisms with the actual IP addresses they resolve to, reducing the number of DNS lookups. SPF has a strict 10 DNS lookup limit — if your record exceeds this through nested includes (common with services like Google Workspace, Microsoft 365, and Salesforce), emails may fail SPF checks. Flattening consolidates everything into direct ip4: and ip6: mechanisms.
RFC 7208 limits SPF records to 10 DNS lookups (including include:, a:, mx:, redirect=, and exists: mechanisms). Each include: can trigger additional nested lookups. Exceeding this limit results in a "permerror," and the SPF check fails. This is the most common SPF misconfiguration, especially for organizations using multiple SaaS email services.