SPF Record Checker
Look up and validate a domain's SPF (Sender Policy Framework) TXT record.
SPF records change — and you won't know until deliverability drops.
Monitor your SPF automatically
- ✓Hourly SPF validation
- ✓MX record monitoring
- ✓DKIM / DMARC checks
- ✓Email + Slack alerts
- ✓Change history
- ✓Deliverability score
Frequently Asked Questions
What is an SPF record?
SPF (Sender Policy Framework) is a DNS TXT record that lists which mail servers are allowed to send email for your domain. Receiving servers check it to help detect spoofing. A record looks like v=spf1 include:_spf.google.com ~all.
What do the SPF mechanisms mean?
include:— authorize another domain's SPF (e.g. your email provider).a/mx— authorize the domain's A or MX hosts.ip4:/ip6:— authorize specific IP addresses or ranges.all— matches everything else; the qualifier before it sets the policy.
What is the difference between ~all and -all?
-all (hard fail) tells receivers to reject mail from servers not listed. ~all (soft fail) tells them to accept but mark it suspicious. ?all is neutral. Use -all once you're confident every legitimate sender is included.
Why does SPF allow only 10 DNS lookups?
The SPF spec limits a record to 10 DNS-querying mechanisms (include, a, mx, ptr, exists) to prevent abuse. Exceeding it causes a permerror and SPF fails. If you're over the limit, flatten nested includes or remove unused senders.
Can I have more than one SPF record?
No. A domain must publish exactly one SPF (v=spf1) TXT record. Two or more cause a permerror. Merge all senders into a single record instead.
Related Report Tools
These tools and monitors cover the same area — worth checking if you're already here.
Network Tools
-
HTTP Request
Send HTTP requests with custom method, headers, body, and authentication — inspect the full response.
-
HTTP Request Timing
Load a URL in headless Chromium and stream every fetched resource with size and timing.
-
Uptime Check
The simplest possible check: fetch the page, confirm it returns 2xx.
-
CORS Tester
Test any URL for CORS (Cross-Origin Resource Sharing) with a custom method, headers, and body — see exactly why a browser would allow or block the request.
-
Dead Link Checker
Crawl a website and find broken internal links — renders JS pages with a headless browser.
-
IP Blacklist Check
Check an IPv4 address against 49 major DNS blacklists (Spamhaus, SORBS, Barracuda, SpamCop, etc.).
-
Network Path Monitor
Continuous traceroute with per-hop loss and RTT statistics.
-
Traceroute
Trace the path packets take to a destination host, hop by hop.
-
Ping Scanner
Ping many hosts in parallel and report which are alive.
-
Ping Host
Send ICMP echo requests and report RTT and packet loss.
-
IP Geolocation
Resolve a domain or IP to its city, country, ASN/org, and coordinates — with a map.
-
IPv4 ↔ IPv6
Convert IPv4 to/from IPv4-mapped IPv6 (::ffff:a.b.c.d).
-
MAC OUI Lookup
Look up a MAC address's first 3 octets in the IEEE OUI vendor database (curated subset).
Email / SMTP Diagnostics
-
Email Health
One-click domain scorecard — Blacklist, Mail Server, Web Server, and DNS checks graded Errors / Warnings / Passed, MXToolbox-style.
-
Email Records Check
Consolidated MX, SPF, DMARC, and DKIM-selector lookup for an email domain.
-
SPF Record Checker
Look up and validate a domain's SPF (Sender Policy Framework) TXT record.
-
Email Blacklist Check
Resolve a domain's MX hosts to IPs and check each against 49 IP blacklists plus the domain itself against 9 domain blacklists.
-
SMTP Banner Probe
Connect to an SMTP server, capture its banner + EHLO capabilities, and test STARTTLS.
Packet Generation & Testing
-
TCP/UDP Connection Tester
Check TCP port reachability; optionally send a payload and read the reply.
-
TLS Handshake Inspector
Inspect a server's TLS handshake: version, cipher, ALPN, full cert chain.
-
HTTP Availability Check
Probe a list of hostnames (max 16) for HTTP and HTTPS availability.
-
HTTP Latency
Send N HTTP HEAD requests to a URL and report min/median/mean/max/stddev latency. From this server's vantage.
-
Path MTU Probe
Discover the path MTU to a host by sending increasingly large DF-bit pings (binary search).
IP & Subnet Utilities
Routing & BGP
TLS / SSL Auditing
-
TLS Quick Scan
Probe which TLS protocol versions a server accepts and show the cipher each negotiates.
-
TLS Deep Scan
Full chain validation, OCSP stapling, SCT count, and per-TLS-version cipher matrix.
-
SSL Certificate Expiration
Days remaining before a server's TLS certificate (and its full chain) expires.
-
Domain Certificate Audit
Search Certificate Transparency logs for every SSL certificate ever issued to a domain — reveals subdomains, issuers, and historical issuance.
NTP / Time Sync
HTTP/2 & WebSocket
-
HTTP/2 Probe
Negotiate HTTP/2 via ALPN and decode the server's SETTINGS frame (window size, max streams, etc.).
-
WebSocket Probe
Send a WebSocket Upgrade handshake and verify the Sec-WebSocket-Accept response, subprotocols, and extensions.
-
HTTP/2 Stress Testerlogin
Benchmark HTTP/2 server performance — measure requests per second, latency distribution, and concurrent stream throughput under sustained load.
Encoding & Conversion
-
Hex ↔ Text
Convert UTF-8 text to a hex string, or parse a hex string back to text (separators :/.- ignored).
-
Binary ↔ Text
Convert UTF-8 text to 8-bit binary, or parse a binary string back to text.
-
Case Converter
Convert text between common casings: UPPER, lower, Title, snake_case, kebab-case, camelCase.
-
Number Base
Convert a number between decimal, binary, octal, and hexadecimal representations.
-
Unix Timestamp
Convert between Unix epoch seconds and ISO/RFC datetime formats (UTC).
-
IPv4 ↔ Decimal
Convert between dotted IPv4 notation, 32-bit decimal, hex, and dotted binary.
-
JWT Decoder
Decode a JWT into its header and payload (no signature verification — that needs the signing key).