SPF states which servers may send email for your domain. Set wrong, it blocks legitimate mail or lets forged mail through. We check it and pinpoint the errors.
Run a free domain scan All checks βWe verify that an SPF record exists, that it ends in -all (hard fail) not ~all, that it stays under 10 DNS lookups (or it fails silently) and that all legitimate senders (newsletters, CRM, support tools) are actually included.
SPF is the foundation of the DMARC chain. A too-soft or incomplete SPF lets spoofed mail through β or sends your own mail to spam. It's also an explicit secure-communication requirement in NIS2 and ISO 27001.
v=spf1 record-all vs ~all vs +all)~all (soft fail) instead of -all+all β lets anyone through (critical error)Can I have multiple SPF records?
No β only ONE SPF record per domain is valid. Multiple records make them all fail. All senders must be in a single record.
What is the 10-lookup limit?
SPF may do at most 10 DNS lookups. Beyond that the record fails (permerror) and protection silently disappears. We flag if you're near the limit.
Is SPF enough alone?
No β SPF doesn't protect the From address the user sees and breaks on forwarding. DMARC on top of SPF + DKIM is the complete protection.
Run a free scan or order a full Security Assessment β prioritised, not noise.
Run a free domain scan