How to Fix SPF Record Errors and Stop Emails Going to Spam

Published April 2026 · DNS Health Scan

SPF (Sender Policy Framework) is an email authentication standard that prevents spammers from sending emails that appear to come from your domain. If your SPF record is missing, wrong or has errors, your legitimate emails are far more likely to land in spam — and spammers can impersonate your domain with ease.

What Is an SPF Record?

An SPF record is a DNS TXT record that lists all the servers and services authorised to send email from your domain. When a receiving mail server gets an email claiming to be from you, it checks your SPF record to verify the sending server is on the list. If it's not, the email fails SPF and is treated with suspicion.

How to Find Your Current SPF Record

You can look up your SPF record using a tool like MXToolbox, or by running a DNS lookup: dig TXT yourdomain.com | grep spf. Your SPF record will start with 'v=spf1'. If nothing comes back, you don't have one — which is a critical problem.

Common SPF Record Errors

The most frequent issues we find include: no SPF record at all, multiple SPF records (you can only have one), too many DNS lookups (the limit is 10 — exceeding it means SPF always fails), using +all (which means anyone can send as you), and not including all email sending services.

How to Write a Correct SPF Record

A basic SPF record looks like: v=spf1 include:_spf.google.com ~all. This allows Google's servers to send email for your domain and softfails (marks as suspicious but doesn't block) anything else. Replace the include: with the correct include for your email provider — Office 365, G Suite, Mailchimp, etc. all have their own SPF includes.

The DNS Lookup Limit Problem

SPF has a hard limit of 10 DNS lookups. Each 'include:' in your record costs one lookup, and some includes trigger further lookups themselves. If you use multiple email services (transactional email, CRM, helpdesk, newsletter tool), you can easily exceed the limit. The fix is to use SPF flattening to collapse all includes into a single list of IP addresses.

Testing Your SPF Record

After making changes, test your SPF record using our free DNS scanner or MXToolbox. Send a test email to a Gmail account and check the original message headers — look for 'Received-SPF: pass' or 'spf=pass'. If it shows 'fail' or 'softfail', your SPF is still broken.

SPF Alone Is Not Enough

SPF only prevents spoofing at the envelope level. Without DKIM and DMARC working alongside it, sophisticated spoofing attacks can still succeed. Our Full Audit plan sets up all three — SPF, DKIM and DMARC — to give you complete email authentication.

Misconfigured SPF records are one of the most common causes of emails going to spam. If you're not confident editing DNS records yourself, our Quick Fix plan resolves SPF issues within 24 hours and includes a before-and-after scan to confirm it's working.

Need Help Implementing This?

Our UK-based experts can handle every fix for you. Fast turnaround, plain English report.

Book a Fix — From £49