After adding or updating an SPF record, it is important to verify that it is correctly configured. SPF verification confirms that receiving mail servers can retrieve your SPF record from DNS and validate that the sending server is authorized to send emails from your domain.
If SPF is not configured correctly, emails sent from your domain may fail authentication and could be marked as spam or rejected.
The most reliable way to verify SPF is by checking the authentication results of a received email.
Send a test email from your domain to a Gmail or Outlook mailbox.
Open the received email and view the message headers or original message source.
Locate the Authentication-Results section.
You should see a result similar to:
SPF=pass
or
spf=pass (domain of yourdomain.com)
This indicates that the receiving mail server successfully verified that the sending server is authorized by your SPF record.
If SPF is not configured correctly, you may see:
SPF=fail
SPF=softfail
SPF=neutral
SPF=none
You should also confirm that the SPF record exists in your domain’s DNS.
A valid SPF record is stored as a TXT record and always starts with:
v=spf1
Example:
v=spf1 include:_spf.google.com -allWhen checking the record, make sure:
• the record exists in your domain’s DNS
• the record begins with v=spf1
• there is only one SPF record for the domain
Make sure that all services used to send emails for your domain are included in the SPF record.
If a sending service is not included in the SPF record, emails sent through that service may fail SPF authentication even if the SPF record exists.
A domain should have only one SPF TXT record. Multiple SPF records will cause SPF checks to fail.
If the sending platform is not listed in the SPF record, emails from that service will fail SPF verification.
SPF records are limited to 10 DNS lookups. Exceeding this limit can cause SPF validation failures.
After adding or updating an SPF record, DNS changes may take time to propagate across the internet.