SPF Record Checker
MX Records (Email Reception)
Mail servers that receive email for this domain:
smtp.google.com
SPF Record Analysis
SPF defines which mail servers are authorized to send email for this domain:
v=spf1 include:_spf.google.com ~all
v=spf1_spf.google.com : Email provider: Gmail/GSuite (Google)Example Domains
References
Frequently Asked Questions
What is SPF and why is it important?
SPF (Sender Policy Framework) is a DNS-based email authentication method that specifies which mail servers are allowed to send email for a domain. It helps prevent email spoofing and phishing by letting receiving servers verify that incoming mail comes from an authorized source.
How do I read an SPF record?
SPF records start with "v=spf1" followed by mechanisms: "include:" references another domain's SPF, "ip4:/ip6:" specifies allowed IP addresses, "a" allows the domain's A record IPs, "mx" allows the domain's mail servers. Records end with "~all" (softfail), "-all" (hardfail), or "+all" (allow all, not recommended).
What is the difference between ~all and -all?
"~all" (softfail) means unauthorized senders should be marked as suspicious but not rejected. "-all" (hardfail) means unauthorized senders should be rejected. Most domains use ~all during initial setup, then switch to -all once confident in their SPF configuration.
How does SPF relate to DKIM and DMARC?
SPF, DKIM, and DMARC work together for email authentication. SPF verifies the sending server, DKIM adds a cryptographic signature to verify message integrity, and DMARC ties them together with a policy for handling failures. For best protection, implement all three.
