How to validate your SPF record

How to validate your SPF record? Setting up the correct SPF record is an essential part of your technical settings. This page explains how to check and validate if you have set up the SPF record correctly.

validate your SPF record using the SPF Record Checker
learn how to create an SPF record

 

If an SPF record is found, you will see a screen similar to the screenshot below:

How to validate your SPF record - validate SPF record


Please make sure the SPF record doesn’t exceed the maximum of 10 lookups!


The SPF records are correctly configured when:

  • The page has found an SPF record
  • Your SPF record doesn’t exceed the maximum number of 10 lookups.
  • The shown IP addresses are really addressess you’re sending email from.

If this is okay, you should be all ready to go!

If not, or if you see a screen simular to the one below, something is wrong.

How to validate your SPF record - Invalid SPF

or

The maximum amount of 10 lookups has been exceeded. ISPs could ignore your SPF record.

Please check with your hosting provider if the record is entered correctly in your Domain Name Server (DNS).

Using the command-line tool dig in OSX and Linux, you can debug some more to try and figure out what the problem is.

First we want to make sure the problem is not related to cache. E.g. when you tried the check before adding or changing the SPF record, the response from your DNS server might have been cached and it could take a couple of hours for the server to display the correct response.

To bypass any cache you can ask your nameserver directly what record it has.

Use the following command to find out what your nameservers are: dig yourdomain.com NS

[root@server ~]# dig yourdomain.com NS

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.5 <<>> yourdomain.com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32320
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;yourdomain.com.			IN	NS

;; ANSWER SECTION:
yourdomain.com.		300	IN	NS	ns1.yourdomain.com.
yourdomain.com.		300	IN	NS	ns2.yourdomain.com.
yourdomain.com.		300	IN	NS	ns3.yourdomain.com.

;; Query time: 31 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Mon Nov 26 16:09:52 2012
;; MSG SIZE  rcvd: 87

The lines in your ANSWER SECTION (highlighted above) are your nameservers.

Now ask a nameserver what record is available using the command: dig yourdomain.com TXT @ns1.yourdomain.com

[root@server ~]# dig yourdomain.com TXT @ns1.yourdomain.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.5 <<>> yourdomain.com TXT @ns1.yourdomain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14982
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;yourdomain.com.			IN	TXT

;; ANSWER SECTION:
yourdomain.com.		300	IN	TXT	"spf2.0/pra,mfrom a mx include:aspmx.googlemail.com -all"
yourdomain.com.		300	IN	TXT	"v=spf1 a mx include:aspmx.googlemail.com -all"

;; Query time: 0 msec
;; SERVER: 83.96.177.4#53(83.96.177.4)
;; WHEN: Mon Nov 26 16:13:40 2012
;; MSG SIZE  rcvd: 200

 
You should see your TXT record(s) here. Common mistakes/problems are:

  • It takes some time to save the changes in GUI to the nameserver
    (e.g. In the GUI everything is correct but NS does not return anything/correct values)
  • It takes some time to sync all nameservers with each other
    (e.g. ns1 returns correct values, but ns2 and/or ns3 does not)
  • Accidentally copied spaces
  • Characters are escaped with an additional \
  • Quotation marks inside the response value
  • Typos

 


Always use the exact domain name you are using to send the email from. E.g. if you are sending email from info@yourdomain.com, fill in yourdomain.com as your domain name.


 
Go to the SPF Record Checker and fill in the domain you want to check and press Start.
 

all information about the Sender Policy Framework
learn how to create an SPF record
everything you need to know about SPF records
validate your SPF record using the SPF Record Checker