SPF Checker
Lookup and visualize your SPF setup

Use Red Sift's SPF Checker tool to look up your SPF setup and check for potential impact by SubdoMailing, determining if any poisoned includes are present in your SPF configuration in seconds.

investigate cards

Get an instant analysis of your email security setup with our free Investigate tool

SPF is just one part of your email security setup. Use our Investigate tool to check if your DMARC, DKIM, MTA-STS, and other important protocols are set up correctly, and get actionable steps on how to fix any issues.

Investigate Now

What is the SPF Checker?

The SPF Checker tool examines and validates a domain's SPF configuration by checking for an SPF record in the domain's DNS, evaluating the number of lookups, detecting syntax errors or common issues such as void lookups or incorrect mechanisms. It offers a dynamic visualization of the "SPF tree," illustrating each resolution of the SPF record to provide in-depth inspection of the configuration.

What is SPF and why is it important for email security?

SPF stands for Sender Policy Framework. It’s an email authentication protocol that acts as a whitelist, outlining the senders authorized to send emails on your behalf. Its aim is to prevent email forgery.

What is the SPF tree visualization, and how can it help me understand my SPF record better?

The SPF tree visualization provided by the SPF Checker illustrates each step of SPF record resolution, showing how each mechanism is evaluated and whether it results in a pass, fail, or neutral outcome. This visualization helps users understand the hierarchy of SPF mechanisms and identify potential issues or misconfigurations within the SPF record.

What is the SubdoMailing attack and how can the SPF Checker help?

On Feb 27th, 2024, researchers at Guardio discovered a massive email ad fraud campaign based on thousands of hijacked domains and subdomains. You can read more about the SubdoMailing attack and how to protect yourself here.

The Red Sift SPF Checker detects if your SPF record contains compromised includes that leave your domain open to spoofing attacks. The dynamic visualization of the SPF tree allows you to highlight where the poisoned includes exist. If compromised includes are discovered, we recommend you remove these entries from your SPF record immediately.


Why should I check my domain's SPF configuration?

Checking your domain's SPF configuration ensures that it is correctly set up to authenticate emails sent from your domain, reducing the likelihood of your emails being marked as spam or being rejected by recipient servers.

How can I interpret the results provided by the SPF Checker?

Depending on the SPF configuration of the specified domain, information messages are displayed with the option to "highlight in SPF tree".

  • Green indicates information only (e.g., well-known provider).
  • Yellow signifies warnings only (e.g., void lookup).
  • Red denotes issues (e.g., permanent DNS error).
Can the SPF Checker identify errors in nested includes from third-party records?

Yes, the SPF Checker can identify errors in nested includes from third-party records by analyzing each included SPF record within the hierarchy. This allows users to detect and address issues in third-party SPF configurations that may impact their own domain's email authentication.

How can I access my domain's SPF record?

You can access your domain's SPF record by querying the DNS records for your domain using tools like nslookup or dig. Alternatively, you can use online SPF lookup tools or access the DNS management interface provided by your domain registrar or hosting provider.

What is a void lookup, and why is it a concern for SPF configuration?

A void lookup occurs when a mechanism in the SPF record results in a DNS query that returns no result, indicating a misconfiguration or an invalid entry. Void lookups can lead to SPF authentication failures and should be addressed to ensure the integrity of the SPF configuration.

How can I fix syntax errors in my SPF record?

Syntax errors in an SPF record can be fixed by reviewing the SPF syntax guidelines and ensuring that the record is correctly formatted. Common syntax errors include missing or misplaced mechanisms, invalid characters, and incorrect spacing. Once identified, syntax errors can be corrected using the DNS management interface provided by your domain registrar or hosting provider.

What are SPF mechanisms, and how do they affect email authentication?

SPF mechanisms are components of an SPF record that specify which mail servers are authorized to send emails on behalf of a domain. Mechanisms include IP addresses, domain names, and qualifiers that define how the mechanism should be interpreted. By configuring appropriate mechanisms in the SPF record, domain owners can control which mail servers are allowed to send emails using their domain name, thereby enhancing email authentication and security.