Email authentication
SPF Validator
Validate a domain SPF record, parse mechanisms, terminal all, lookup count and configuration warnings.
Need SPF, DMARC, and DKIM together? Run full email auth audit → Email Auth Checker
How to use this tool
- SPF (Sender Policy Framework) is published as a single TXT record at the domain apex starting with v=spf1. Receivers evaluate it during SMTP to decide whether the connecting IP is authorized to send mail for that domain. Start at the organizational domain, list every authorized sender, prefer include for SaaS providers, end with -all or ~all, stay under ten DNS lookups, then validate DMARC alignment before enforcement. For "include mechanisms and third-party senders", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
- SPF (Sender Policy Framework) is published as a single TXT record at the domain apex starting with v=spf1. Receivers evaluate it during SMTP to decide whether the connecting IP is authorized to send mail for that domain. Start at the organizational domain, list every authorized sender, prefer include for SaaS providers, end with -all or ~all, stay under ten DNS lookups, then validate DMARC alignment before enforcement. For "terminal all qualifiers and fail modes", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
- SPF (Sender Policy Framework) is published as a single TXT record at the domain apex starting with v=spf1. Receivers evaluate it during SMTP to decide whether the connecting IP is authorized to send mail for that domain. Start at the organizational domain, list every authorized sender, prefer include for SaaS providers, end with -all or ~all, stay under ten DNS lookups, then validate DMARC alignment before enforcement. For "multiple SPF TXT records", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
- SPF (Sender Policy Framework) is published as a single TXT record at the domain apex starting with v=spf1. Receivers evaluate it during SMTP to decide whether the connecting IP is authorized to send mail for that domain. Start at the organizational domain, list every authorized sender, prefer include for SaaS providers, end with -all or ~all, stay under ten DNS lookups, then validate DMARC alignment before enforcement. For "DNS lookup limits and flattening", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
- SPF (Sender Policy Framework) is published as a single TXT record at the domain apex starting with v=spf1. Receivers evaluate it during SMTP to decide whether the connecting IP is authorized to send mail for that domain. Start at the organizational domain, list every authorized sender, prefer include for SaaS providers, end with -all or ~all, stay under ten DNS lookups, then validate DMARC alignment before enforcement. For "SPF alignment with DMARC", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
- SPF (Sender Policy Framework) is published as a single TXT record at the domain apex starting with v=spf1. Receivers evaluate it during SMTP to decide whether the connecting IP is authorized to send mail for that domain. Start at the organizational domain, list every authorized sender, prefer include for SaaS providers, end with -all or ~all, stay under ten DNS lookups, then validate DMARC alignment before enforcement. For "ip4, ip6, mx, and ptr mechanisms", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
What the result shows
The result is split into the signals that matter for this specific check.
| Field | Purpose | Example |
|---|---|---|
| Domain | SPF (Sender Policy Framework) is published as a single TXT record at the domain apex starting with v=spf1. Receivers evaluate it during SMTP to decide whether the connecting IP is authorized to send mail for that domain. For "include mechanisms and third-party senders", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment. | Enter the apex domain that appears in the visible From header. |
| Query name | SPF (Sender Policy Framework) is published as a single TXT record at the domain apex starting with v=spf1. Receivers evaluate it during SMTP to decide whether the connecting IP is authorized to send mail for that domain. For "terminal all qualifiers and fail modes", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment. | Confirm exactly one v=spf1 TXT record is published. |
| Found | SPF (Sender Policy Framework) is published as a single TXT record at the domain apex starting with v=spf1. Receivers evaluate it during SMTP to decide whether the connecting IP is authorized to send mail for that domain. For "multiple SPF TXT records", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment. | Review parsed mechanisms, terminal all, and lookup count. |
| Valid | SPF (Sender Policy Framework) is published as a single TXT record at the domain apex starting with v=spf1. Receivers evaluate it during SMTP to decide whether the connecting IP is authorized to send mail for that domain. For "DNS lookup limits and flattening", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment. | Remove deprecated ptr and permissive +all when possible. |
| Terminal all | SPF (Sender Policy Framework) is published as a single TXT record at the domain apex starting with v=spf1. Receivers evaluate it during SMTP to decide whether the connecting IP is authorized to send mail for that domain. For "SPF alignment with DMARC", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment. | Pair the result with DMARC and DKIM checks on the same domain. |
| Mechanisms | SPF (Sender Policy Framework) is published as a single TXT record at the domain apex starting with v=spf1. Receivers evaluate it during SMTP to decide whether the connecting IP is authorized to send mail for that domain. For "ip4, ip6, mx, and ptr mechanisms", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment. | Re-run after DNS TTL once includes are verified. |
| DNS lookup count | SPF (Sender Policy Framework) is published as a single TXT record at the domain apex starting with v=spf1. Receivers evaluate it during SMTP to decide whether the connecting IP is authorized to send mail for that domain. For "include mechanisms and third-party senders", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment. | Enter the apex domain that appears in the visible From header. |
| Raw record | SPF (Sender Policy Framework) is published as a single TXT record at the domain apex starting with v=spf1. Receivers evaluate it during SMTP to decide whether the connecting IP is authorized to send mail for that domain. For "terminal all qualifiers and fail modes", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment. | Confirm exactly one v=spf1 TXT record is published. |
When this check helps
Use the validator during ESP onboarding, Microsoft 365 or Google Workspace migrations, DMARC rollout, deliverability incidents, and vendor questionnaires. SPF is only half of authentication — DMARC still needs aligned DKIM or SPF results at the From domain. For "include mechanisms and third-party senders", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
Use the validator during ESP onboarding, Microsoft 365 or Google Workspace migrations, DMARC rollout, deliverability incidents, and vendor questionnaires. SPF is only half of authentication — DMARC still needs aligned DKIM or SPF results at the From domain. For "terminal all qualifiers and fail modes", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
Use the validator during ESP onboarding, Microsoft 365 or Google Workspace migrations, DMARC rollout, deliverability incidents, and vendor questionnaires. SPF is only half of authentication — DMARC still needs aligned DKIM or SPF results at the From domain. For "multiple SPF TXT records", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
Use the validator during ESP onboarding, Microsoft 365 or Google Workspace migrations, DMARC rollout, deliverability incidents, and vendor questionnaires. SPF is only half of authentication — DMARC still needs aligned DKIM or SPF results at the From domain. For "DNS lookup limits and flattening", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
Use the validator during ESP onboarding, Microsoft 365 or Google Workspace migrations, DMARC rollout, deliverability incidents, and vendor questionnaires. SPF is only half of authentication — DMARC still needs aligned DKIM or SPF results at the From domain. For "SPF alignment with DMARC", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
Use the validator during ESP onboarding, Microsoft 365 or Google Workspace migrations, DMARC rollout, deliverability incidents, and vendor questionnaires. SPF is only half of authentication — DMARC still needs aligned DKIM or SPF results at the From domain. For "ip4, ip6, mx, and ptr mechanisms", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
What to review when results look wrong
If no record appears, query the apex TXT directly — not _dmarc or a selector. When multiple v=spf1 strings exist, merge authorized sources into one record because receivers may reject ambiguous publications. After edits, wait for TTL and compare the raw TXT field against dig +short TXT example.com. For "include mechanisms and third-party senders", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
If no record appears, query the apex TXT directly — not _dmarc or a selector. When multiple v=spf1 strings exist, merge authorized sources into one record because receivers may reject ambiguous publications. After edits, wait for TTL and compare the raw TXT field against dig +short TXT example.com. For "terminal all qualifiers and fail modes", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
If no record appears, query the apex TXT directly — not _dmarc or a selector. When multiple v=spf1 strings exist, merge authorized sources into one record because receivers may reject ambiguous publications. After edits, wait for TTL and compare the raw TXT field against dig +short TXT example.com. For "multiple SPF TXT records", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
If no record appears, query the apex TXT directly — not _dmarc or a selector. When multiple v=spf1 strings exist, merge authorized sources into one record because receivers may reject ambiguous publications. After edits, wait for TTL and compare the raw TXT field against dig +short TXT example.com. For "DNS lookup limits and flattening", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
If no record appears, query the apex TXT directly — not _dmarc or a selector. When multiple v=spf1 strings exist, merge authorized sources into one record because receivers may reject ambiguous publications. After edits, wait for TTL and compare the raw TXT field against dig +short TXT example.com. For "SPF alignment with DMARC", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
If no record appears, query the apex TXT directly — not _dmarc or a selector. When multiple v=spf1 strings exist, merge authorized sources into one record because receivers may reject ambiguous publications. After edits, wait for TTL and compare the raw TXT field against dig +short TXT example.com. For "ip4, ip6, mx, and ptr mechanisms", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
How to interpret the result
SPF (Sender Policy Framework) is published as a single TXT record at the domain apex starting with v=spf1. Receivers evaluate it during SMTP to decide whether the connecting IP is authorized to send mail for that domain. For "include mechanisms and third-party senders", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
SPF (Sender Policy Framework) is published as a single TXT record at the domain apex starting with v=spf1. Receivers evaluate it during SMTP to decide whether the connecting IP is authorized to send mail for that domain. For "terminal all qualifiers and fail modes", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
SPF (Sender Policy Framework) is published as a single TXT record at the domain apex starting with v=spf1. Receivers evaluate it during SMTP to decide whether the connecting IP is authorized to send mail for that domain. For "multiple SPF TXT records", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
SPF (Sender Policy Framework) is published as a single TXT record at the domain apex starting with v=spf1. Receivers evaluate it during SMTP to decide whether the connecting IP is authorized to send mail for that domain. For "DNS lookup limits and flattening", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
SPF (Sender Policy Framework) is published as a single TXT record at the domain apex starting with v=spf1. Receivers evaluate it during SMTP to decide whether the connecting IP is authorized to send mail for that domain. For "SPF alignment with DMARC", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
SPF (Sender Policy Framework) is published as a single TXT record at the domain apex starting with v=spf1. Receivers evaluate it during SMTP to decide whether the connecting IP is authorized to send mail for that domain. For "ip4, ip6, mx, and ptr mechanisms", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
Recommended workflow
- Enter the apex domain that appears in the visible From header.
- Confirm exactly one v=spf1 TXT record is published.
- Review parsed mechanisms, terminal all, and lookup count.
- Remove deprecated ptr and permissive +all when possible.
- Pair the result with DMARC and DKIM checks on the same domain.
- Re-run after DNS TTL once includes are verified.
Tool vs manual checks
dig TXT example.com shows raw strings but does not parse mechanisms, warn on +all, or estimate lookup depth. DNS Checker lists all TXT values yet lacks SPF-specific validation. DN01 uses the same Go parser as the production API and returns shareable result pages. For "include mechanisms and third-party senders", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
dig TXT example.com shows raw strings but does not parse mechanisms, warn on +all, or estimate lookup depth. DNS Checker lists all TXT values yet lacks SPF-specific validation. DN01 uses the same Go parser as the production API and returns shareable result pages. For "terminal all qualifiers and fail modes", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
dig TXT example.com shows raw strings but does not parse mechanisms, warn on +all, or estimate lookup depth. DNS Checker lists all TXT values yet lacks SPF-specific validation. DN01 uses the same Go parser as the production API and returns shareable result pages. For "multiple SPF TXT records", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
dig TXT example.com shows raw strings but does not parse mechanisms, warn on +all, or estimate lookup depth. DNS Checker lists all TXT values yet lacks SPF-specific validation. DN01 uses the same Go parser as the production API and returns shareable result pages. For "DNS lookup limits and flattening", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
dig TXT example.com shows raw strings but does not parse mechanisms, warn on +all, or estimate lookup depth. DNS Checker lists all TXT values yet lacks SPF-specific validation. DN01 uses the same Go parser as the production API and returns shareable result pages. For "SPF alignment with DMARC", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
dig TXT example.com shows raw strings but does not parse mechanisms, warn on +all, or estimate lookup depth. DNS Checker lists all TXT values yet lacks SPF-specific validation. DN01 uses the same Go parser as the production API and returns shareable result pages. For "ip4, ip6, mx, and ptr mechanisms", treat the apex TXT as the contract receivers enforce at SMTP time. Document each mechanism, confirm lookup cost, and verify the terminal all matches your risk posture. After DNS changes, re-run the same domain to prove the publication is singular, syntactically valid, and ready for DMARC alignment.
Why use DN01
- Live apex TXT lookup
- Mechanism parsing and lookup estimate
- Multiple-record and syntax errors
- Warnings for ptr and permissive all
- Pairs with DMARC and DKIM tools
- Shareable SPF result URL
FAQ
SPF validator FAQ
v=spf1 TXT records, include mechanisms, terminal all, lookup limits and DMARC alignment.
What is an SPF DNS record?
SPF is a TXT record starting with v=spf1 that lists authorized mail sources using mechanisms such as include, ip4, mx, and all. SPF TXT basics guide
Where should SPF be published?
Publish exactly one SPF record at the domain apex (example.com), not at _dmarc or DKIM selectors.
What does -all vs ~all mean?
-all hard-fails unauthorized senders; ~all soft-fails (common during rollout); +all and ?all are permissive and risky for production.
How does DN01 validate SPF?
DN01 queries live apex TXT, finds v=spf1, parses mechanisms, estimates DNS lookups, and flags syntax or policy issues.
How does SPF relate to DMARC and DKIM?
SPF proves envelope authorization; DKIM signs messages; DMARC checks alignment and policy. Use all three tools on the same domain before enforcement.
Why do multiple SPF records fail?
Receivers may permerror when more than one v=spf1 TXT exists—merge includes into a single record.
Tool switcher
Continue with another check
Pick the next step in your domain or security workflow.
- Email Auth CheckerRun SPF, DMARC, and DKIM checks in one auditOpen
- DMARC AnalyzerDMARC policy, alignment and reporting checksOpen
- DKIM ValidatorDKIM selector lookup and record validationOpen
- DNS CheckerAll major record types in one passOpen
- DIGOne record type, resolver-style answerOpen
- Domain IP LookupA and AAAA IP addresses for a domainOpen
- Domain Age CheckerCreation date, age, registrar and expiryOpen
- WHOISRegistrar, expiry and domain statusOpen
- HTTP Header CheckerResponse headers, redirects and cachingOpen
- HTTP/2 TesterHTTP/2 support, ALPN and TLS negotiationOpen
- SSL Certificate CheckerCertificate chain, SAN and TLS versionOpen
- Blacklist CheckerDNSBL reputation for IP and domainOpen
- Punycode ConverterUnicode ↔ Punycode for IDN domainsOpen
- URL SplitterBreak a URL into parts and query paramsOpen
- Base64 CodecEncode and decode Base64 textOpen
- Password GeneratorStrong random passwords for ops workOpen
- Password Strength CheckerEntropy, crack time and password suggestionsOpen
- Passphrase GeneratorMemorable random word phrases for safer sharing testsOpen
- BIN CheckerCard brand, bank and country from BIN/IINOpen
- IP CalculatorSubnet math for IPv4 and IPv6 CIDROpen
- Browser Update CheckerBrowser version, update status and Client HintsOpen
Related articles
Practical guides for common SPF Validator tasks — DNS records, troubleshooting steps, and links to our free tools.
spf txt record basics, spf validator, v=spf1
SPF TXT record basics at the domain apex
SPF TXT record basics at the domain apex. SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors. DN01 returns parsed mechanisms, lookup estimates, warnings, and a shareable result URL for the same domain after DNS changes.
Read article →include mechanisms third party senders, spf validator, v=spf1
Include mechanisms and third-party senders
Include mechanisms and third-party senders. SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors. DN01 returns parsed mechanisms, lookup estimates, warnings, and a shareable result URL for the same domain after DNS changes.
Read article →terminal all qualifiers, spf validator, v=spf1
Terminal all qualifiers: pass, fail, softfail, neutral
Terminal all qualifiers: pass, fail, softfail, neutral. SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors. DN01 returns parsed mechanisms, lookup estimates, warnings, and a shareable result URL for the same domain after DNS changes.
Read article →spf dns lookup limit, spf validator, v=spf1
SPF DNS lookup limit and flattening
SPF DNS lookup limit and flattening. SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors. DN01 returns parsed mechanisms, lookup estimates, warnings, and a shareable result URL for the same domain after DNS changes.
Read article →spf dmarc alignment, spf validator, v=spf1
SPF alignment with DMARC enforcement
SPF alignment with DMARC enforcement. SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors. DN01 returns parsed mechanisms, lookup estimates, warnings, and a shareable result URL for the same domain after DNS changes.
Read article →shareable spf validator results, spf validator, v=spf1
Shareable SPF validator result pages
Shareable SPF validator result pages. SPF authorizes mail senders through a single v=spf1 TXT record published at the domain apex, not at _dmarc or DKIM selectors. DN01 returns parsed mechanisms, lookup estimates, warnings, and a shareable result URL for the same domain after DNS changes.
Read article →