SPF Surveyor
Our SPF Surveyor provides a graphical view of DNS records that allows you to more easily identify which third-party email sources and IPs are authorized to send on behalf of a domain. The tool will also verify that the SPF record has correct syntax and is free of errors that could lead to diminished email deliverability and failed email authentication.
Warning
Error
Access/bookmark this inspection at
Did you mean
?
DNS queries to resolve the mechanism / modifier
Click on nodes to expand.
Expand all
Collapse all
mechanisms
modifiers
Netblock
Occurrences
Domain
Record
DNS lookups needed to validate the record
This SPF record exceeds the maximum of 10 DNS lookups. Often, unnecessary entries can be safely removed after evaluating DMARC data. To learn how to address the "Too many lookups" issue, read our guide here:
This record has a high lookup count. Review and adjust as needed based on this domain's DMARC data
This record has a low lookup count. Review and adjust as needed based on this domain's DMARC data.
This record utilizes no DNS-querying mechanisms / modifiers. There are no efficiency gains to be made in terms of reducing the number of DNS queries.
Learn more about SPF mechanisms / modifiers.
netblocks are authorized, which equals
IPv4 addresses
It's important to periodically review SPF records to ensure that only necessary netblocks are included.
Duplicate netblock authorization
The following netblocks have been authorized more than once. Duplicates usually indicate inefficient records or redundant "include" mechanisms, and should be removed.
Record flattening
Get help resolving SPF’s 10 DNS lookup limit here. Learn why we strongly advise against SPF Flattening here.
Congratulations! Your SPF record is valid.
High five! Your SPF record is valid, but...
Warning! Your SPF record is valid, but...
There is something wrong with your SPF record.
No SPF Record for this domain.
we noticed you don't have a DMARC record. Add DMARC to disallow unauthorized use of your email domain to protect people from spam, fraud and phishing.
Let us help you get that fixed and start a free 30-day trial.
Click here to read our "Getting Started with DMARC" guide.
we noticed you don't have a dmarcian account. No problem, you can start a free 30-day trial and we can help you on your journey towards DMARC compliance.
Enter domain
Survey domain
What is an SPF lookup?
When you send an email, DNS queries are made to verify it.
An SPF record, stored as a TXT entry in DNS, publicly lists which IP addresses can send email for your domain. Rather than just IPs, an SPF record uses “terms” called mechanisms and modifiers, that point to IP addresses or to other domains with their own SPF records.
The receiving server evaluates these terms from left to right, performing DNS lookups as needed to discover which IP address sent the email. Each lookup counts towards a limit of 10. If the sending IP isn’t found within 10 lookups, SPF fails with a “permerror”, protecting the DNS from overload.
Your SPF record should have 10 or fewer terms that trigger DNS lookups. Many providers use subdomains for DMARC compliance, so their mechanisms don’t need to be in your top-level record. If a costly mechanism is present, our SPF Surveyor will notify you.
Take control of your SPF records with confidence.
Why SPF flattening is a bad idea
SPF Flattening, or Hosted / Managed SPF solutions attempt to work-around the “Too Many DNS Lookups” error without addressing the underlying issues that caused the error in the first place. An organization looking for a solution to this problem has likely inherited “technical debt” which they either must propagate or resolve.
While managed or hosted SPF solutions may offer convenience, they create unwanted vendor lock-in and reduce your control over DNS records. Additionally, they often promote over-authorization, which enlarges your attack surface and weakens your overall email security posture.
Cleaning an SPF record doesn’t have to be complicated. By reviewing and removing unnecessary or outdated entries step-by-step, you can simplify your SPF easily and improve your email security without being overwhelmed. The goal is to make your SPF straightforward and effective, not a complex puzzle.
Experience the dmarcian difference: with our industry-leading source classification engine and crystal-clear insights, simplifying your SPF management is straightforward and lasting rather than just a quick bandaid fix.
For a deeper dive, we encourage you to read our Concluding the Experiment: SPF Flattening article.
