SPF Lookup Articles

SPF Validates the Envelope Sender, Not What You See in Your Inbox — Here's Why That Matters

SPF validates the envelope sender — the address used during SMTP delivery — not the "From" header address that recipients actually see. This means SPF can pass for an email that appears to be from ceo@bigcorp.com, because the attacker set a legitimate envelope sender from their own domain. Here's why DMARC's alignment requirement exists to close this gap, what -all vs ~all vs +all actually mean, and the SPF flattening trade-off.

Jun 18, 2026

SPF Mechanisms Deep Dive: How include:, mx, and Macros Each Consume Your 10-Lookup Budget

A single `include:` mechanism can secretly consume several of SPF's 10 allowed DNS lookups, depending on what the included record itself contains. Here's exactly how each SPF mechanism (ip4, a, mx, include, exists, ptr, redirect) consumes lookups, how macro expansion works for dynamic IP-based checks, and how mechanism ordering and qualifiers interact.

Jun 13, 2026

CAN-SPAM vs GDPR vs CASL: Email Marketing Compliance for International Senders

CAN-SPAM, GDPR, and CASL have different models (opt-out vs opt-in) and very different penalties. Here's what each requires, how they differ in a practical comparison matrix, and the compliance approach for organisations sending internationally to all three jurisdictions.

Jun 9, 2026

SPF PermError: Why the 10-Lookup Limit Breaks Email Authentication and How to Fix It

Adding third-party email services pushes SPF past the 10-lookup limit, causing PermError and DMARC failures. Here's how to count SPF lookups, why the limit is hit so easily, and the three solutions: IP replacement, flattening, and consolidation.

Jun 8, 2026

SPF Lookup — Check Any Domain's Email Authentication Record

Learn how SPF records work, what the include, ip4, and all mechanisms mean, why the 10-lookup limit matters, and how to use a free SPF lookup tool to diagnose email authentication failures.

Jun 6, 2026