SPF

SPF record null value

SPF Record Null Value means an SPF mechanism's DNS lookup returned no records (a void lookup). RFC 7208 recommends limiting these to two. Learn how to fix it.

Updated Jul 1, 2026

The short answer

"SPF Record Null Value" is an MXToolbox diagnostic, not an RFC error code. It flags an SPF mechanism (usually an include:, a, or mx) whose DNS lookup returned no records — a "void lookup" per RFC 7208 §4.6.4. To fix it, find which referenced domain resolves to nothing, then correct or remove that mechanism. RFC 7208 recommends limiting void lookups to two; exceeding a validator's configured limit typically produces a PermError.

"SPF Record Null Value" is a diagnostic label used by SPF checkers like MXToolbox — it is not a reply code defined in any RFC. It means that while evaluating your SPF record, a mechanism that requires a DNS lookup (typically an include:, a, mx, or exists: term) returned no records — what RFC 7208 calls a void lookup.

What causes an SPF Record Null Value?

There are two distinct situations that get reported under this label, and they need different fixes:

1. A referenced mechanism resolves to nothing (the common case). Your record points at a domain that no longer publishes the expected records. Per RFC 7208 §4.6.4, a void lookup is a DNS query that returns either a positive answer with zero answer records (RCODE 0, 0 answers) or a Name Error (RCODE 3 / NXDOMAIN). For example, a:mail.example.com or mx pointing at a host with no A/MX record.

For a, mx, exists:, and ptr mechanisms, a single void lookup does not by itself fail SPF. RFC 7208 §5 says a mechanism whose query returns Name Error "continues as if the server returned no error and zero answer records" — i.e., it simply does not match, and evaluation moves on. The checker still flags it because, as MXToolbox notes, a null result "is commonly an indication of a problem with the related DNS lookup" rather than something intentional.

include: is a different, higher-severity case. If include:_spf.vendor.com is flagged as a null value, don't assume it's a harmless non-match. RFC 7208 §5.2's result table maps a recursive check_host() result of none (the included domain has no SPF record at all) directly to the include mechanism returning PermError — not a silent skip. In practice, MXToolbox's own diagnostic for this case reports it plainly as "A null DNS lookup was found for include," and it is the most common real-world trigger of this label. So a null include: is more likely to actually break your SPF record's evaluation than a null a:/mx:/exists: term — treat it with higher urgency and fix it immediately rather than assuming evaluation will just move past it.

2. A literal invalid token in the record. Less often, someone has written something like v=spf1 null -all, where null is not a valid SPF mechanism or modifier. This is a true syntax error and produces a PermError (RFC 7208 §2.6.7, "the domain's published records could not be correctly interpreted"), which fails the whole record.

How do I fix an SPF Record Null Value?

  1. Run a full SPF check (MXToolbox SPF Record Lookup or dig +short TXT yourdomain.com) and identify the exact term flagged as null.
  2. Resolve the referenced name directly. For an a/mx/exists: term, query the target — e.g. dig +short A mail.example.com. For an include: term, check whether the included domain publishes any SPF record at all — e.g. dig +short TXT _spf.vendor.com. An empty result confirms the void lookup; for include:, this specifically means the included domain's SPF result is "none," which pushes your record toward PermError.
  3. Correct or remove the dead term. If the vendor changed their include domain, update it to the current value from their docs. If the service is no longer used, delete the mechanism. If it was a typo (e.g. a literal null), replace it with a valid mechanism such as ip4:, ip6:, or include:.
  4. Watch the void-lookup budget. RFC 7208 §4.6.4: implementations SHOULD limit void lookups to two by default (this is a configurable recommendation, not a hard protocol ceiling). A third void lookup can tip the record into PermError under a typical validator's default configuration, so clean these up rather than ignoring them.
  5. Keep the structure valid. The record must begin with exactly v=spf1 (RFC 7208 §4.5). Best practice — though not a strict RFC requirement — is to end the record with an all mechanism (e.g. -all) so the policy is unambiguous; RFC 7208 §4.7 recommends this to explicitly terminate evaluation, for example:
v=spf1 include:_spf.google.com ip4:198.51.100.10 -all

If the lookup returns no record at all (rather than a null mechanism inside one), that is a different result — SPF "None" (RFC 7208 §2.6.1), meaning publish an SPF record in the first place.

With Courier

If you send through Courier, authorize Courier's documented sending mechanism in your SPF record per Courier's deliverability docs, and make sure any third-party include: you add actually resolves to a domain that publishes its own valid SPF record — a removed, mistyped, or SPF-less vendor include is the usual source of this warning, and for include: specifically it can produce an outright PermError rather than a harmless skip.

FAQ

Common questions

It depends on which mechanism is flagged. For a/mx/exists/ptr, a single void (null) lookup just means that mechanism doesn't match and SPF evaluation continues (RFC 7208 §5). For include:, it's different: if the included domain has no SPF record at all, RFC 7208 §5.2 says the include mechanism returns PermError directly — which does fail authentication. And regardless of mechanism type, RFC 7208 §4.6.4 recommends limiting void lookups to two; exceeding that under a validator's default settings can also produce a PermError.

One API, every provider

Stop debugging raw provider errors

Courier connects to your email, SMS, and push providers, handles retries and failover, and surfaces delivery errors in plain language.

Reply-code definitions per RFC 7208 §4.6.4. Last reviewed Jul 1, 2026. Courier is not affiliated with third-party providers; error behavior may vary by implementation.