SPFmonitor - Check your email security

Basic Policy

Default Policy *

Soft Fail (~all)
Mark unauthorized emails as suspicious but allow delivery. Recommended for most domains.

Fail (-all)
Reject unauthorized emails completely. Use only when you are confident about your setup.

Neutral (?all)
No policy specified. Not recommended for production use.

Pass (+all)
Allow all emails. Defeats the purpose of SPF - not recommended.

Recommendation: Use Soft Fail (~all) for most domains. It provides protection while being forgiving of configuration issues.

Authorized Email Sources

Domain A/AAAA records (a)
Allow the domain itself to send emails

MX records (mx)
Allow mail servers listed in MX records to send emails

Additional Domains (a: mechanism) Domains allowed to send emails for you. One per line. "a:" will be added automatically.

IPv4 Addresses IPv4 addresses or CIDR ranges. One per line.

IPv6 Addresses IPv6 addresses or CIDR ranges. One per line.

Include External SPF Records External SPF records to include. Common services: Google (_spf.google.com), Microsoft (spf.protection.outlook.com), Salesforce (_spf.salesforce.com). One per line.

Expert zone: These settings are for advanced users who understand SPF mechanisms. Most domains can skip this section.

Exists Mechanisms (exists) Advanced DNS-based validation. Use only if you understand SPF macros.

Custom Mechanisms Custom SPF mechanisms. Advanced users only.

SPF Analysis

SPF Designer

Basic Policy

Authorized Email Sources

SPF Record Editor

Detailed Scoring 0/100

SPF

SPF Analysis

SPF Designer

Basic Policy

Authorized Email Sources

Advanced Options (for experts - usually not needed)

SPF Record Editor

Detailed Scoring 0/100

SPF