SPF (Sender Policy Framework) plays an important role in electronic mail and is one of the cornerstones on which DMARC is based. It is therefore important to monitor SPF and the SPF record to prevent it from causing issues to email delivery.

For more information about SPF, visit our learn articles:

DMARCwise helps you monitor SPF by continuously scanning and analyzing the SPF records of your domains. Records are not only parsed but also fully evaluated to detect issues that may arise during real email processing, such as exceeding the DNS lookup limit.

Our SPF analyzer supports all the SPF features and syntax variants and is heavily tested with hundreds of automated tests. SPF records are refreshed periodically, approximately every 6 hours.

SPF record overview

To see the SPF record discovered by DMARCwise, head over to the dashboard, choose a domain and select the SPF tab.

SPF overview page

The SPF record is parsed by our systems and presented visually. Most of the times, you’ll only see the directives table, but there can be two tables:

  • Directives are the rules by which SPF determines whether a source IP is authorized.
    • They’re composed of a mechanism (like include, all, and ip4) and a qualifier (+ for pass, ~ for softfail, - for fail, ? for neutral).
    • The directives table presents you each directive with simple natural language, making it easier to understand what your SPF record does. (Importantly, no information present in the record is omitted in this representation.)
  • Modifiers are additional rules that alter the SPF record handling. The most common modifier is redirect, which is evaluated only if no mechanism matches and instructs the SPF verifier to instead use the SPF record of the specified domain. An example is shown in the following image.

SPF overview page with the modifiers table

At any time, you can see the raw SPF DNS record string at the bottom.

SPF resolution chain

SPF records often depend on other SPF records and DNS lookups through mechanisms like include, redirect, a, and mx. DMARCwise expands that dependency tree in the Resolution chain section, so you can see how your published record is evaluated beyond the first TXT record.

Use it to understand where DNS lookups are spent, which third-party includes are part of your SPF configuration, whether the chain stays within SPF limits, and where loops, missing records, DNS errors, dynamic macro-based terms, or slow lookups appear.

Learn more in SPF resolution chain.

SPF resolution chain section

Checks and validation issues

Checks and Validation issues are two features that help you discover issues with your SPF configuration and DNS record.

They evaluate the adherence of the configuration to standards and best practices, to ensure best compatibility and interoperability.

Learn more about these features in Checks and validation.