Product · SPF

SPF that doesn't give up at the 10th lookup.

We count your DNS lookups in real time, visualize nested includes, and warn you before your SPF record tips over due to a change at an external provider.

Start SPF check Open app

app.mailantis.eu / spf / demo-kunde.at

SPF analysis

9 of 10 lookups · 2 warnings

Lookups

9/10

Warnings

End policy

-all

Warn. Lookup limit nearly reached — consolidation recommended.

Warn. Provider "Mailchimp" has not sent for 142 days — candidate for removal.

How it works

From record to alert in three steps

Analyze the record

Mailantis reads your SPF record, expands every include recursively, and counts each lookup.

Detect drift

We check daily. If an include provider changes its record, you see it before Google does.

Suggested fix records

At a critical lookup count, we deliver an optimized record proposal — copy-and-paste ready.

Features

What you miss with manual SPF tracking.

Live DNS lookup counter (RFC 7208 §4.6.4)

Include tree visualization with depth indicator

Soft vs. hardfail recommendation per domain

SPF macro detection (prevents PermError)

Multi-record detection (two TXT = PermError)

SPF flattening proposals incl. drift warning

Continuous monitoring on provider changes

DMARC alignment check (envelope vs From)

DNS record

One record, many mechanisms

What a typical SPF record looks like

v=spf1 marks SPF version 1. include: pulls in the records of other senders (Google Workspace, Microsoft 365, newsletter tools).

-all at the end is hardfail — every sender not listed is rejected. For production domains the right choice when DMARC runs in parallel.

Watch out: every include: triggers its own DNS queries. The sum of all recursive lookups must not exceed 10.

Host: example.com · Type: TXTv=spf1 include:_spf.google.com include:spf.protection.outlook.com -all

Pricing

SPF monitoring in every plan

Monitoring

from €30/ month per domain

Daily SPF checks, include tree, drift warning, Slack/webhook alerts. Scales with domain count.

Open app

Enterprise & Partner

on request

Multi-tenancy (MSP), white-label, SSO, custom SLA, on-premise. Consolidated invoice across sub-orgs.

Get in touch

Compare all plans in detail →

FAQ

Common questions about SPF

What counts as a DNS lookup in an SPF record?

Each include:, a:, mx:, exists: and ptr: mechanism triggers a DNS lookup. The standard allows a maximum of 10 lookups (RFC 7208 §4.6.4). If the limit is exceeded, the checking server returns PermError and SPF is considered to have failed.

-all vs ~all — which variant is safe?

-all (hardfail) tells mail servers to reject non-matching mail. ~all (softfail) lets them through but flags them. For production domains with DMARC we recommend -all, since DMARC controls the policy anyway.

Can I have multiple SPF records on one domain?

No. Multiple SPF TXT records on the same host lead to PermError. Consolidate all mechanisms into a single record. Mailantis detects this collision automatically.

Is SPF flattening a good idea?

Only as a last resort. Flattening resolves includes statically and reduces lookups, but breaks on every IP change at your provider — you have to maintain the record permanently. Mailantis warns about silent drift risk.

Does Mailantis fix problems automatically?

No, automatic DNS changes would be too risky. We deliver the exact corrected record proposal — you add it at your DNS provider. Optionally via API integration with Cloudflare or AWS Route53.

Activate SPF monitoring now.

Tools landing for an instant check, or directly to continuous monitoring.

Open app Run SPF check now