top of page

SPF record troubleshooting

  1. Make sure that you have an SPF record in the domain that you use as your Return-Path domain.

  2. Make sure that you have an SPF record in your HELO/EHLO domain in case of bounces where the Return-Path domain is empty.

  3. Make sure there is a single SPF record per domain.

  4. Make sure that the SPF record syntax is correct.

  5. Make sure that your Return-Path domain aligns with the From domain.

  6. Make sure that your authorised senders are part of the SPF record.

  7. Make sure that unauthorised senders are not in your SPF record.

  8. Make sure that you do not go over the 10 DNS lookup limit imposed by SPF.

9. Make sure that deprecated SPF record mechanisms such as the “ptr” mechanism are

not used in your SPF record.

SPF implementations MUST limit the number of mechanisms and modifiers that do DNS lookups to at most 10 per SPF check, including any lookups caused by the use of the "include" mechanism or the "redirect" modifier. If this number is exceeded during a check, a PermError MUST be returned. The "include", "a", "mx", "ptr", and "exists" mechanisms as well as the "redirect" modifier do count against this limit. The "all", "ip4", and "ip6" mechanisms do not require DNS lookups and therefore do not count against this limit. The "exp" modifier does not count against this limit because the DNS lookup to fetch the explanation string occurs after the SPF record has been evaluated.

10. Make sure that your SPF record starts with "v=spf1"

SPF record format:-

15 views0 comments


bottom of page