When MXToolbox doesn't display your SPF record despite your ESP's assertion, several factors may contribute. It is important to check if the correct domain or subdomain is being queried, and to account for DNS propagation delays. Often, the ESP controls the SPF record via the Return-Path domain. A correct TXT record with proper syntax is crucial, while the SPF record needs to stay within the DNS lookup limit of 10 and be placed at the root domain. A correct 'include' statement must exist within the SPF record which authorizes the ESP's servers or any other authorized sending source. Avoid multiple SPF records for the same domain. There may be misconfiguration in DNS configuration for the domain.
17 marketer opinions
When MXToolbox doesn't display an SPF record despite your ESP confirming it's set up, several factors could be at play. Common issues include: DNS propagation delays, checking the wrong domain (ensure you're querying the exact domain/subdomain your ESP uses), the ESP managing SPF on a shared domain, the SPF check happening on the Return-Path (MAIL FROM) rather than the visible From: address, syntax errors in the SPF record, exceeding the DNS lookup limit, SPF record not being a TXT record, high TTL settings delaying updates, SPF record existing on the wrong subdomain, and having multiple SPF records. Also, DMARC policies can indirectly impact whether emails failing SPF are displayed. Configuration errors are also possible. It's best practice to align the return-path domain and, when possible, control the SPF record directly to optimize deliverability.
Marketer view
Email marketer from Email Deliverability Blog shares while not directly related, DMARC policies rely on SPF and DKIM. If your DMARC policy is set to `p=reject` or `p=quarantine`, emails failing SPF checks might be blocked or sent to spam, even if your ESP says SPF is configured. In which case MXToolbox will not display the record.
23 Dec 2024 - Email Deliverability Blog
Marketer view
Email marketer from Email Geeks explains that since the user uses Google, they should also have include:<http://_spf.google.com|_spf.google.com> in the SPF record. They suggest copying the record from the old domain, removing anything not currently used, adding the google record, and putting in the new domain.
1 Nov 2021 - Email Geeks
2 expert opinions
When MXToolbox fails to display an SPF record that your ESP claims is configured, the issue often stems from the SPF record being associated with the Return-Path domain, which may be controlled by your ESP rather than your sending domain. Additionally, configuration errors or typos in the DNS settings for the domain can prevent the SPF record from being recognized.
Expert view
Expert from Word to the Wise explains that the SPF record that matters is the one associated with the Return-Path domain, also known as the envelope sender. It's possible your ESP is setting the Return-Path to a domain they control, and that's where the SPF record exists, not on your sending domain. So check the SPF record of the return-path not the from domain.
25 Jun 2022 - Word to the Wise
Expert view
Expert from Spam Resource explains to check that there are no typos or other DNS configuration errors for the domain in question. Many times ESPs provide guidance, but the final configuration step is still on you and there can be mistakes that are hard to catch without digging in.
23 Mar 2025 - Spam Resource
4 technical articles
When MXToolbox fails to show your SPF record despite your ESP's confirmation, it often stems from misconfiguration or limitations within the SPF record itself. Common issues include missing required 'include' statements for your email provider (e.g., Google Workspace requires `_spf.google.com`, Office 365 needs `spf.protection.outlook.com`), syntax errors within the record, or exceeding the 10 DNS lookup limit. These issues can prevent MXToolbox from correctly validating your SPF setup.
Technical article
Documentation from Microsoft explains for Office 365, you need to authorize Microsoft's servers using `include:spf.protection.outlook.com`. If this is missing, MXToolbox might not recognize your SPF setup as valid for Office 365 sending.
19 Jun 2021 - Microsoft Learn
Technical article
Documentation from IETF explains that you should check if your SPF record exceeds the 10 DNS lookup limit. MXToolbox will generally not validate if it finds an error in the SPF record. You can avoid issues by simplifying your SPF record.
4 Dec 2022 - IETF
How can I improve SPF alignment and email deliverability when using Hubspot?
What should I do if my website is on a Fastly IP range listed on Spamhaus but I don't send email from that IP?
How do I fix the MXtoolbox SPF record DNS lookup limit exceeded error?
How do I properly set up a DMARC record on Wix and when should I change the policy?
How do I properly set up SPF and DKIM records for email marketing, including handling multiple SPF records, IP ranges, bounce capturing, and Google Postmaster Tools verification?
What are SPF, DKIM, and DMARC, and when are they needed?
© 2025 Suped Pty Ltd