SPF
SPF Record Null Value means an SPF mechanism's DNS lookup returned no records (a void lookup). RFC 7208 recommends limiting these to two. Learn how to fix it.
Updated Jul 1, 2026
The short answer
"SPF Record Null Value" is an MXToolbox diagnostic, not an RFC error code. It flags an SPF mechanism (usually an include:, a, or mx) whose DNS lookup returned no records — a "void lookup" per RFC 7208 §4.6.4. To fix it, find which referenced domain resolves to nothing, then correct or remove that mechanism. RFC 7208 recommends limiting void lookups to two; exceeding a validator's configured limit typically produces a PermError.
"SPF Record Null Value" is a diagnostic label used by SPF checkers like MXToolbox — it is not a reply code defined in any RFC. It means that while evaluating your SPF record, a mechanism that requires a DNS lookup (typically an include:, a, mx, or exists: term) returned no records — what RFC 7208 calls a void lookup.
There are two distinct situations that get reported under this label, and they need different fixes:
1. A referenced mechanism resolves to nothing (the common case). Your record points at a domain that no longer publishes the expected records. Per RFC 7208 §4.6.4, a void lookup is a DNS query that returns either a positive answer with zero answer records (RCODE 0, 0 answers) or a Name Error (RCODE 3 / NXDOMAIN). For example, a:mail.example.com or mx pointing at a host with no A/MX record.
For a, mx, exists:, and ptr mechanisms, a single void lookup does not by itself fail SPF. RFC 7208 §5 says a mechanism whose query returns Name Error "continues as if the server returned no error and zero answer records" — i.e., it simply does not match, and evaluation moves on. The checker still flags it because, as MXToolbox notes, a null result "is commonly an indication of a problem with the related DNS lookup" rather than something intentional.
include: is a different, higher-severity case. If include:_spf.vendor.com is flagged as a null value, don't assume it's a harmless non-match. RFC 7208 §5.2's result table maps a recursive check_host() result of none (the included domain has no SPF record at all) directly to the include mechanism returning PermError — not a silent skip. In practice, MXToolbox's own diagnostic for this case reports it plainly as "A null DNS lookup was found for include," and it is the most common real-world trigger of this label. So a null include: is more likely to actually break your SPF record's evaluation than a null a:/mx:/exists: term — treat it with higher urgency and fix it immediately rather than assuming evaluation will just move past it.
2. A literal invalid token in the record. Less often, someone has written something like v=spf1 null -all, where null is not a valid SPF mechanism or modifier. This is a true syntax error and produces a PermError (RFC 7208 §2.6.7, "the domain's published records could not be correctly interpreted"), which fails the whole record.
dig +short TXT yourdomain.com) and identify the exact term flagged as null.a/mx/exists: term, query the target — e.g. dig +short A mail.example.com. For an include: term, check whether the included domain publishes any SPF record at all — e.g. dig +short TXT _spf.vendor.com. An empty result confirms the void lookup; for include:, this specifically means the included domain's SPF result is "none," which pushes your record toward PermError.null), replace it with a valid mechanism such as ip4:, ip6:, or include:.v=spf1 (RFC 7208 §4.5). Best practice — though not a strict RFC requirement — is to end the record with an all mechanism (e.g. -all) so the policy is unambiguous; RFC 7208 §4.7 recommends this to explicitly terminate evaluation, for example:v=spf1 include:_spf.google.com ip4:198.51.100.10 -all
If the lookup returns no record at all (rather than a null mechanism inside one), that is a different result — SPF "None" (RFC 7208 §2.6.1), meaning publish an SPF record in the first place.
With Courier
include: you add actually resolves to a domain that publishes its own valid SPF record — a removed, mistyped, or SPF-less vendor include is the usual source of this warning, and for include: specifically it can produce an outright PermError rather than a harmless skip.References
FAQ
It depends on which mechanism is flagged. For a/mx/exists/ptr, a single void (null) lookup just means that mechanism doesn't match and SPF evaluation continues (RFC 7208 §5). For include:, it's different: if the included domain has no SPF record at all, RFC 7208 §5.2 says the include mechanism returns PermError directly — which does fail authentication. And regardless of mechanism type, RFC 7208 §4.6.4 recommends limiting void lookups to two; exceeding that under a validator's default settings can also produce a PermError.
One API, every provider
Courier connects to your email, SMS, and push providers, handles retries and failover, and surfaces delivery errors in plain language.
Reply-code definitions per RFC 7208 §4.6.4. Last reviewed Jul 1, 2026. Courier is not affiliated with third-party providers; error behavior may vary by implementation.
© 2026 Courier. All rights reserved.