There are dozens of free SPF checker tools. Most do the basics. They fetch your DNS TXT record, parse the mechanisms, and tell you whether the syntax is valid. Where they differ is diagnostic depth: how clearly they show your lookup count, whether they catch edge-case errors, and how much context they give you to actually fix problems.
For most use cases, the Red Sift SPF Checker provides the deepest diagnostic output of any free tool, with visual tree analysis, void lookup detection, and SubdoMailing scanning. No signup required. If you already know you want to run a check, check your SPF record.
This guide compares seven free SPF checkers on the criteria that actually matter.
What to look for in an SPF checker
Not all SPF checkers test the same things. Before picking one, here's what separates a useful tool from a basic lookup.
DNS lookup counting is the minimum. SPF allows 10 DNS-querying mechanisms per evaluation. Go over and receiving servers can return a PermError, which causes SPF authentication to fail. A good checker counts lookups recursively through nested includes, not just the top-level mechanisms.
Tree visualization matters for complex records. When a single include:_spf.google.com triggers 3-4 nested lookups, a flat text list doesn't show you where the bloat is. A visual tree traces every branch so you can see which vendor is eating your lookup budget.
Void lookup detection catches a problem most tools miss. RFC 7208 caps void lookups (DNS queries that return nothing) at 2. Stale includes pointing to records that no longer exist silently consume this limit.
SubdoMailing detection identifies compromised SPF includes that attackers can exploit to spoof your domain. This is a newer threat vector and most free tools don't check for it.
Syntax validation should go beyond "is it valid." The best tools flag duplicate records, deprecated mechanisms like ptr, characters placed after the all directive, and overly permissive qualifiers like +all or ?all.
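The checks described in this section, as an added example rather than code from this guide or from any of the tools it compares: a static SPF audit that counts lookups recursively, tallies void lookups, and flags the syntax problems listed above. The ZONE and HOSTS data, the .test domain names, and the audit_spf function are constructed for illustration; a real checker would query DNS instead of a dictionary.

```python
# Constructed zone data for illustration (domain -> TXT strings); no real DNS is queried.
ZONE = {
    "example.test": ["v=spf1 include:_spf.mail.test include:old-vendor.test "
                     "a mx:mail.gone.test ptr ?all ip4:203.0.113.9"],
    "_spf.mail.test": ["v=spf1 include:_nb1.mail.test include:_nb2.mail.test ~all"],
    "_nb1.mail.test": ["v=spf1 ip4:192.0.2.0/24 ~all"],
    "_nb2.mail.test": ["v=spf1 ip4:198.51.100.0/24 ~all"],
}
HOSTS = {"example.test"}  # constructed: names that answer A/MX queries

def audit_spf(domain, zone=ZONE, hosts=HOSTS, report=None, chain=()):
    """Walk an SPF record recursively; count DNS lookups, void lookups and risky terms."""
    report = report or {"lookups": 0, "void": 0, "findings": []}
    note = report["findings"].append
    records = [t for t in zone.get(domain, []) if t.lower().startswith("v=spf1")]
    if len(records) > 1:
        note(f"{domain}: multiple SPF records (PermError)")
    if not records:
        return report
    terms = records[0].split()[1:]  # drop the v=spf1 version tag
    for pos, term in enumerate(terms):
        qualifier = term[0] if term[0] in "+-~?" else "+"  # a bare term means "+"
        name, _, arg = term.lstrip("+-~?").replace("=", ":", 1).partition(":")
        name, target = name.split("/")[0].lower(), arg.split("/")[0] or domain
        if name in ("include", "redirect"):  # one lookup, plus whatever it nests
            report["lookups"] += 1
            if target in chain + (domain,):
                note(f"{domain}: include loop via {target}")
            elif target not in zone:  # stale include: the query returns nothing
                report["void"] += 1
                note(f"{domain}: {name} {target} returns nothing (void lookup)")
            else:
                audit_spf(target, zone, hosts, report, chain + (domain,))
        elif name in ("a", "mx", "ptr", "exists"):  # the other DNS-querying terms
            report["lookups"] += 1
            if name in ("a", "mx") and target not in hosts:
                report["void"] += 1
                note(f"{domain}: {name} {target} returns nothing (void lookup)")
            if name == "ptr":
                note(f"{domain}: ptr is deprecated")
        elif name == "all":
            if qualifier in "+?":
                note(f"{domain}: permissive {qualifier}all")
            if pos < len(terms) - 1:
                note(f"{domain}: terms after all are never evaluated")
    if not chain and report["lookups"] > 10:  # limits apply to the whole evaluation
        note(f"{domain}: over the 10-lookup limit")
    if not chain and report["void"] > 2:
        note(f"{domain}: over the 2-void-lookup limit")
    return report
```

Calling audit_spf("example.test") on the constructed zone reports 7 lookups, 2 of them void, which shows how two nested includes and one stale vendor entry consume most of the budget before the record looks crowded.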
Seven free SPF checkers compared
Tool | Tree viz | Lookup count | Void lookups | SubdoMailing | Syntax depth |
Red Sift | Yes, interactive | Yes, recursive | Yes | Yes | Deep |
EasyDMARC | Yes, tree view | Yes, recursive | Yes | No | Moderate |
MXToolbox | No | Yes | Yes | No | Deep |
Google Admin Toolbox | No | Yes | No | No | Moderate |
Valimail | No | Yes | No | No | Basic |
DMARCLY | No | Yes | No | No | Moderate |
Sendmarc | No | Yes | No | No | Moderate |
No signup is required for any of these tools.
Red Sift
The Red Sift SPF Checker renders your SPF record as an interactive, color-coded tree. Every mechanism, nested include, and resolved IP range is visible in a clickable diagram. The lookup counter shows your total against the 10-lookup limit. It flags void lookups (the 2-void-lookup limit that most checkers skip), traces nested errors buried inside third-party records, and checks whether any of your includes have been compromised in the SubdoMailing campaign. No other free tool on this list checks for SubdoMailing.
Best for: Primary SPF checker for ongoing use, especially for records with many nested includes.
EasyDMARC
EasyDMARC's SPF Lookup displays your record as a tree view with sender identification, labeling which include belongs to which vendor (Google, Microsoft, etc.). It counts lookups recursively, checks for the 2-void-lookup limit, and flags recursive includes that would cause errors. The separate Domain Scanner tool checks SPF, DKIM, DMARC, and BIMI together in one report with a risk-level rating. There's also an SPF Record Validator for checking syntax before publishing to DNS.
Best for: Teams new to SPF who want vendor labeling and contextual explanations alongside the raw data.
MXToolbox
MXToolbox validates SPF syntax, catches duplicate records, deprecated mechanisms, characters after the all directive, and void lookups. It's been around for over a decade and most IT teams already have it bookmarked.
The limitation is visibility. Results come back as a flat list of pass/fail checks. For a record with 10+ includes, you see the total lookup count and any errors, but you can't trace which specific vendor's include is consuming the most lookups without manually expanding each one yourself. No SubdoMailing detection, no visual hierarchy.
Best for: Fast spot checks after DNS changes. Keep it alongside a tree-based tool.
Google Admin Toolbox
Google's Check MX tool validates SPF, DKIM, DMARC, and MTA-STS records in a single pass. It expands each SPF include into its effective IP address ranges, so you see exactly which IPs are authorized rather than just the domain references. It also verifies NS record consistency across your name servers. Google's own support documentation references this tool for SPF troubleshooting.
It's built for Google Workspace environments and evaluates your record from that perspective. No tree visualization, no void lookup detection, no SubdoMailing check.
Best for: Google Workspace admins confirming their SPF and DNS configuration.
Valimail
Valimail's Domain Checker validates SPF, DMARC, and BIMI in a single report with a "Protected" or "Not Protected" banner. It flags overly permissive IP ranges and shows your DNS lookup count.
The tradeoff is diagnostic depth. There's no tree visualization and no mechanism-by-mechanism breakdown. You get a pass/fail status with context, not a view into your record's internals that you can debug from.
Best for: A quick second opinion when you want a pass/fail alongside a more detailed tool.
DMARCLY
DMARCLY's SPF checker parses your record, counts lookups, and shows each mechanism with its resolved IP addresses. It also shows a free flattening preview with all includes resolved to IPs inline, so you can see the full expanded version of your record and how many lookups each include was costing. No other free tool on this list shows you the flattened output without requiring a paid account.
No tree visualization, no SubdoMailing detection. Straightforward text output.
Best for: Seeing what your SPF record looks like fully expanded and understanding where lookup bloat is coming from.
Sendmarc
Sendmarc offers two free SPF tools. The SPF Record Checker validates syntax, authorized IPs, and third-party includes with a lookup counter. The SPF Policy Tester lets you enter a specific IP and check it against any domain's SPF record, returning a pass or fail. This is useful when you've just added a new SaaS tool and want to confirm its sending IPs are authorized before going live.
The checker itself is basic. No tree visualization, no SubdoMailing detection, no void lookup flagging. The IP-against-record tester is the differentiator.
Best for: Verifying whether a specific sending IP is authorized in your SPF record.
Our recommendation
Use the Red Sift SPF Checker as your primary tool. The interactive tree visualization, void lookup detection, and SubdoMailing scanning give you the most complete diagnostic picture of any free tool. No other free checker on this list combines all three. You can check your SPF record in under a minute with no signup.
For a second opinion, pair it with EasyDMARC's SPF Lookup (sender identification and tree view from a different angle) or MXToolbox (fast validation for spot checks). If you're a Google Workspace shop, Google Admin Toolbox is a useful complement for Workspace-specific validation. And if you need to test a single IP against your record, Sendmarc's Policy Tester is the only free tool that does it.
No free checker will fix your SPF record for you. They diagnose problems. If you discover you're over the 10-lookup limit or have broken includes, the next step is an SPF management platform that can resolve those issues automatically. And if you want to check SPF alongside DKIM, DMARC, BIMI, and MTA-STS in one pass, run a full email authentication assessment with Red Sift Investigate.




