Free Tool
SPF Record Checker
Confirm authorized senders before deliverability tanks.
What it calculates
Presence of v=spf1, included senders, and whether the policy is strict enough to protect the domain.
Why it matters
Receivers use SPF to decide if mail is forged. Missing or weak SPF is a common reason lifecycle email lands in spam.
The Learn Domains moat
Check → Diagnose → Activate → Ship fixes → Measure lift
Monitoring tools stop at the score. Learn Domains turns gaps into ranked actions inside your command center.
- 1Check
You ran the checker on your domain and topic.
Done - 2Diagnose
Readiness score + live mention gaps on missed prompts.
Learn more - 3Activate
Connect site, add Knowledge Base, generate Mission Brief.
Learn more - 4Ship + measure
Growth Orders → content drafts → Signal AI referrals.
Learn more
Apex domain only — no paths, IPs, or ports.
What this checker verifies
SPF TXT record on the apex domain, authorized include targets, and terminal all mechanism (~all, -all, ?all).
Scans run from Learn Domains infrastructure against the apex domain you submit. We do not crawl arbitrary URLs, probe ports, or run penetration tests. Results describe observed configuration at scan time.
Treat output as operator signal — not a security certification, ranking guarantee, or legal attestation.
How to interpret the result
Missing SPF means receivers cannot validate senders. ~all is common but permissive; -all is stricter when all senders are listed.
Severity labels rank urgency: critical issues often block traffic or trust; high issues degrade deliverability or crawl efficiency; medium and low items are worth scheduling before they compound.
When a finding is marked inference or needs human review, confirm in your DNS host, CDN, or registrar before shipping a production change.
Common causes of this issue
Multiple SPF TXT records (invalid), stale includes after vendor changes, or marketing tools sending without DNS updates.
Misconfigured migrations, partial CDN setups, and copied DNS templates are the usual culprits. Compare www and apex behavior when redirects look inconsistent.
If you recently changed hosts, allow TTL propagation before re-checking — a stale cache can look like a failure for up to 48 hours.
How to fix it
Publish one SPF record listing every live sender. Remove duplicate SPF TXT entries — only one is valid.
Document what you changed and when. Technical change detection inside Learn Domains compares future scans to this baseline so regressions surface in the Operator.
For email posture issues, coordinate with whoever owns your ESP (Google Workspace, SendGrid, etc.) so SPF and DMARC align with live senders.
When to re-check
After any ESP or marketing automation change. SPF errors are a top cause of sudden spam placement.
Re-run after DNS TTL windows, certificate renewals, or deploys that touch edge configuration. Weekly monitoring catches drift before launch deadlines.
Connected workspaces in Learn Domains store scan history — public checks are ephemeral snapshots for visitors.
Related Learn Domains workflows
Run DMARC checker on the same domain, then connect Learn Domains to track email posture alongside traffic metrics.
Deliverability issues show up in lifecycle funnels — Learn Domains ties technical mail fixes to activation and retention moves.
Start a $1 trial to connect the domain, run full Technical Preflight in the Operator (/tech), turn findings into Growth Orders, and monitor technical health alongside Mission Brief priorities.
Examples
New ESP onboarding
Scenario: You added SendGrid but forgot to update SPF.
Outcome: Checker flags missing SPF or a permissive +all policy.
Use cases
- ESP migrations
- Lifecycle email QA
- Sales outbound setup
Learn Domains perspective
Deliverability issues show up in lifecycle funnels — Learn Domains ties technical mail fixes to activation and retention moves.
FAQ
- Is the SPF Record Checker free?
- Yes. Anonymous visitors can run a limited number of checks per day. Results are cached briefly to keep scans fast. Full history, change detection, and Growth Orders require a Learn Domains workspace.
- Does this scan my entire site?
- No. Public tools inspect DNS, HTTPS entry points, robots.txt, sitemap discovery, mail records, and response headers for the apex domain. They do not brute-force paths or audit every URL.
- Can I scan any domain?
- You can check publicly registered domains you have permission to evaluate. We block internal networks, localhost, and platform abuse targets. Rate limits apply per visitor and per domain.
- How is this different from Learn Domains in the app?
- The app runs the same Technical Intelligence engine with saved history, workspace context, AI Operator interpretation, and one-click Growth Orders. Public tools deliver a snapshot; the product runs the operating loop.