Troubleshooting Sender Policy Framework (SPF) failures


A Sender Policy Framework (SPF) failure makes it more difficult for a mailbox provider to determine your identity, which may result in some email being placed in the spam or junk folder.

Common scenarios

  • An SPF record does not exist for your Mail-From (MFrom) domain.
  • You changed email service providers recently and are sending from a new domain or new IP addresses. The SPF record may be missing one or more IP addresses.
  • The SPF record may not be configured correctly in the Domain Name System (DNS).
  • The SPF record may have been created under the sending domain instead of the return-path (MFrom) domain.


One of the more robust tools for troubleshooting SPF issues is Kitterman's SPF Query Tool.

To troubleshoot SPF problems using the SPF Query Tool:

  1. Check the DNS for an SPF record for your Mail-From (MFrom) address.
    1. Type in the domain name.
    2. Select Get SPF Record (if any).
If no SPF record is found, generate one and add it to the domain DNS.
  1. Check your SPF record to ensure it is syntactically correct and has no invalid characters. 
    1. Enter the MFrom address and your valid SPF record.
    2. Select Check SPF Record.
The test shows syntax-related issues that you should fix.
  1. Conduct a full test of the SPF record to ensure the sending IP address is included in the SPF record.
    1. Enter the sending IP address that you want to test, the SPF record, and the full MFrom address.
    2. Select Test SPF Record.
If the results show that the sending IP address is not part of the SPF record, it needs to be added.

If you do not have full control of the MFrom (for example, if you are using an Email Service Provider [ESP]), work with the party that controls the domain to make changes to the SPF record.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request