SPF Record Checker

Inspect Sender Policy Framework (SPF) records on target domains to audit authorized mail servers and detect spoofing vulnerabilities.

This interactive client-side tool is part of the NervLink Cybersecurity Suite. All analysis is verified entirely inside the local browser sandbox for maximum safety and data privacy compliance.

How It Works

  1. Provide a target domain hostname.
  2. The tool fetches TXT records matching the v=spf1 version specifier.
  3. The policy structure, include chains, and active IP/CIDR ranges are parsed and checked for syntax compliance.

Primary Use Cases

Common Security Pitfalls

Frequently Asked Questions

What is the difference between ~all and -all?
~all specifies a SoftFail (emails failing check are marked/flagged but accepted), while -all specifies a HardFail (emails failing check should be rejected outright).
What is the 10 DNS lookup limit?
SPF specifications restrict policy evaluation to a maximum of 10 recursive DNS lookups (caused by includes, mx, a, exists redirects) to prevent DDoS abuse on name servers.

References & Standards