SPF Record

Verifies the domain publishes a valid SPF record (Sender Policy Framework) declaring which IPs are authorized to send mail on its behalf. Missing SPF causes mail to fail one of the three main authentication signals (along with DKIM and DMARC).

Applies to: URIBL and URI hosts.

How It Works

We do a TXT lookup at the domain and look for a record starting with v=spf1. The check passes when exactly one such record exists.

RFC 7208 forbids more than one SPF record per domain, so multiple records is also a failure.

Fails On

No SPF record found.
More than one SPF record found.

SPF Record (Strict) - additionally requires the record to use an enforcing policy (-all or ~all).
SPF Lookup Limit - verifies the SPF record stays under RFC 7208's 10-DNS-lookup cap.

How It Works​

Fails On​

Related Checks​

How It Works

Fails On

Related Checks