Checks and Validation issues are two essential DMARCwise features that help you discover issues with your SPF configuration and DNS record.

They evaluate the adherence of the configuration to standards and best practices, to ensure best compatibility and interoperability.

You can see checks results and validation status in the dashboard, by choosing a domain and then selecting the SPF overview tab.

Checks

Checks is a feature that helps you identify potential issues and misconfigurations with your domain. It focuses on industry best practices and tries to highlight improvements that could be applied to the domain’s configuration.

We scan your domain to identify the issues hourly, or whenever a change (like a new SPF record) is detected. When you make changes to your domain’s configuration, allow some time for the checks to refresh.

Here’s and example of how checks results look like:

SPF checks list

How it works

Each check tells you what the scanner expected according to standards and best practises, and the colored icon signals whether the expectation was met.

The status of each check can either be:

  • Ok → no action needed.
  • Warning → a potential issue was detected and attention is needed.
  • Error → an invalid configuration was detected and it must be fixed as soon as possible. SPF won’t work properly if you don’t fix this.
  • Suggestion → it’s a best practice to enable or configure the specified feature.
  • Not applicable → some checks aren’t always applicable, for example if there’s no SPF record the other checks will be disabled.

List of SPF checks

We currently perform the following SPF checks:

  • SPF must be configured.
  • There must be only a single SPF record. Multiple records are an invalid configuration that prevents SPF from working.
  • SPF record must be syntactically valid. See below for more details.
  • SPF record should use ~all. Learn more about why we recommend using ~all instead of -all or other qualifiers.

Record validation

We scan all SPF records through our SPF record parser, which is capable of analyzing the syntax to identify issues that could prevent SPF from working properly with mail servers.

Our SPF analyzer supports all the SPF features and syntax variants and is heavily tested with hundreds of automated tests.

Here’s an example of how the validation issues list looks like:

SPF record validation issues list example

We validate the record to make sure that:

  • No leading whitespace is present.
  • A fallback mechanism (all) or modifier (redirect) is present.
  • No directives are found after the all mechanism.
  • No conflicting redirect and all are present.
  • All mechanism names are valid.
  • All modifier names are valid.
  • All mechanism values are correctly formatted.
  • All modifier values are correctly formatted.
  • No duplicate modifiers are found.
  • No misplaced domain or network specification is detected.
  • No deprecated mechanisms (ptr) are present.