Free Tool

SPF Record Checker

Exceeding 10 DNS lookups in your SPF record causes a permerror — and a permerror fails the same as no SPF at all. Look up your record, see every mechanism parsed, and find out if you're already over the limit.

The SPF Problems That Silently Break Deliverability

The 10-lookup limit — the most common SPF mistake

SPF allows a maximum of 10 DNS-querying mechanisms (include, a, mx, ptr). Every ESP you add uses 1–3 lookups. Klaviyo + SendGrid + Google Workspace + Mailchimp + HubSpot = 5–8 lookups before custom IPs. When you hit 11, receiving servers return a permerror, which fails authentication the same as no SPF.

Why ~all and +all are putting you in spam

~all (soft fail) tells servers that unauthorized senders should be treated with suspicion — but not necessarily rejected. Most servers pass soft-fail emails. +all effectively authorizes every IP on the internet to send for your domain. The correct setting is -all: hard fail unauthorized senders.

Multiple SPF records are invalid

You can only have one SPF TXT record per domain. If two TXT records starting with v=spf1 exist, the entire SPF check returns a permerror. This commonly happens when a new IT admin adds a second record instead of editing the existing one.

SPF and subdomain sending

Your SPF record on the root domain does not cover subdomains automatically. If you send from noreply@mail.yourcompany.com, you need a separate SPF record at mail.yourcompany.com — or the DMARC alignment check will fail even if the root SPF passes.

Fix Your Authentication Stack

SPF Record Builder → DMARC Checker → DKIM Checker → Deliverability Check →

Learn More

↗

SPF, DKIM, and DMARC Explained

Why exceeding 10 DNS lookups silently breaks authentication and what to do about it.

↗

The Complete Email Deliverability Guide

Authentication as the foundation of the four deliverability pillars.

Why We Built This Tool

InboxEagle sees domains hit the 10-lookup SPF limit within weeks of adding a new ESP. Teams rarely realize it happened because the permerror is silent — receiving servers reject the mail without notifying the sender. This tool shows you exactly where you stand so you can consolidate ESPs or use SPF flattening before it tanks your inbox rate.

What Goes Wrong Without This

SPF failures happen for two reasons: either the record is misconfigured with a syntax error or typo, or the lookup count is too high. Either way, mail servers return a permerror, which fails authentication the same as no SPF at all. The email either bounces at the gateway or gets tagged for the spam folder.

Who This Tool Is For

E-commerce & DTC Brands

Teams juggling Shopify, Klaviyo, Mailchimp, and SendGrid who hit the 10-lookup limit without realizing it when moving to a new platform.

Email Marketing Agencies

Agencies managing client domains who need to audit SPF health across dozens of accounts and flag misconfigured records before they cause problems.

B2B SaaS & Outbound Teams

SaaS companies running sales sequences through multiple platforms (HubSpot, Outreach, Apollo) where SPF validation is a prerequisite for cold email success.

Frequently Asked Questions

What is an SPF record?

SPF (Sender Policy Framework) is a TXT record published on your domain that tells receiving mail servers which IP addresses are authorized to send email on your behalf. Without SPF, ISPs can't verify you're really who you claim to be.

What does 'permerror' mean?

A permerror (permanent error) is returned when your SPF record has a syntax error or exceeds the 10-DNS-lookup limit. A permerror fails the same as a missing SPF record — the email fails authentication and is often rejected or filtered to spam.

How many ESPs can I add to my SPF record?

That depends on how many DNS lookups each ESP requires. Most ESPs use 1–3 lookups. With a 10-lookup limit, you can typically add 3–5 major ESPs before hitting the limit. This tool counts your exact lookups so you know where you stand.

Do I need an InboxEagle account to use this tool?

No. This tool is completely free and requires no account or sign-up. InboxEagle provides it as a standalone resource for email marketers, developers, and agencies.

Your SPF Changes the Day You Add a New ESP. Are You Watching?

InboxEagle monitors your SPF record daily — detecting changes, lookup count increases, and new mechanisms added by your team or third-party services. You get an immediate alert when the record changes and a weekly digest showing your full authentication health. Trusted by 2,000+ brands.

Start Free 14-Day Trial

No credit card required · Cancel anytime

Not ready yet? See how SPF Monitoring works →