wiredepth
Run a check

Free tool · Email auth

SPF raw validator

Paste a raw SPF record and validate the syntax before you publish. Tokenises every mechanism, counts DNS lookups against the RFC 7208 cap, flags the most common mistakes (duplicate all, deprecated ptr, missing terminator). No DNS lookups - this is a pure syntax check.

The full TXT value, including the v=spf1 prefix. Whitespace and surrounding quotes are tolerated.

Findings

  • errorEmpty input.

What this tool checks

Why a raw validator:by the time you've published a broken SPF record and noticed mail is bouncing, you're troubleshooting under pressure with stakeholders watching. This tool catches the syntax issue before you hit save in the DNS console. Paste what you're about to publish, get instant feedback, publish only when the verdict is green.

What we check: v=spf1 prefix, mechanism syntax, duplicate mechanisms, duplicate all terminators, RFC 7208 10-lookup cap, the deprecated ptr mechanism,redirect= + allcoexistence (illegal), and ip4 / ip6 format. We don't resolveinclude: targets; for that, use the SPF flattener which walks the include tree against live DNS.

What we don't check: include target existence (DNS-resolution job, use the flattener), whether the IPs in ip4:ranges actually correspond to real senders, or whether the policy is "correct" for your business (the generator helps build the right one).

Frequently asked questions

Why doesn't the validator resolve include: targets?

Because the resolution result depends on the live DNS state of those domains and is more of a "what will receivers see right now" check than a syntax validation. The flattener tool at /spf-flatten does the full recursive resolve.

What's the difference between a warning and an error?

An error means the record will produce permerror or unexpected behaviour on a receiving MTA - fix before publishing. A warning means the record will work but you might not have intended what you wrote (e.g. explicit + qualifiers, deprecated ptr mechanism).

Can I paste an SPF record with quotes around it?

Yes. Some DNS consoles surface SPF with surrounding quotes. The validator strips them. Same with whitespace at either end.

Is the lookup count exact?

Yes for the direct mechanisms (include:, a, mx, ptr, exists, redirect= all count). It does NOT recursively count includes within each include: target - that needs DNS resolution. If your count is at 8 with two include:s, each of those includes could themselves recursively add lookups and push you over the cap. Use the flattener to see the real total.

Related free tools

SPF record generator

Build a fresh SPF record from scratch by picking the senders you use.

SPF flattener

Recursively resolve includes into a 0-lookup ip4: / ip6: record.

DMARC analyzer

Validate the DMARC policy that builds on top of SPF.

Unified domain check

One report covering SPF, DMARC, TLS, BIMI, headers, and more.