How to Check, Test and Validate SPF Record in DNS is Correct and Valid

SPF record in the domain DNS tree level is the new tool to combat email spam that trying to forge or spoof sender SMTP MAIL FROM and Return-Path from your domain zone. However, incorrect or misconfiguration of SPF definitions may lead to email been discarded prematurely, bounced and not delivered to intended recipients. Thus it’s good practice to test, verify and validate to ensure the SPF policy does not erroneously cause outbound emails to fail and unaccepted by relay mail server.

My Digital Life provides SPF Validation - Sender Profile Framework Testing and Checking Tool, a simple checker and tester for domain SPF record using DNSStuff service. Simply enter the SPF string that wants to test, or enter the domain or email address for auto discovery of SPF value, and IP address of the mail server, the tool will return SPF validation result for the emails that originate from that server on whether it will accepted.

Python Based SPF Record Testing Tools have several tests. Administrators can retrieves SPF records for the specified domain name, determines if the SPF record is valid, check if SPF record is syntactically correct and valid (useful before publishing SPF on DNS) and full test on SPF by evaluating the performance of SPF record based on different IP addresses that mail might come from.

Vamsoft has SPF Checker which perform the same test with the utility My Digital Life provides above, and SPF Syntax Validator to verify that syntax of the SPF string is correct.

If you don’t know the IP address or host name of the SMTP mail server that sends the outbound email out for your domain, there is simpler and easier method to check and test the SPF record. Simply send an email from the domain with SPF to test to auth-results@verifier.port25.com. An Authentication Report will be sent back to the email account inbox after a few minutes with complete details and results of summary, SPF check, DomainKeys check, DKIM check, and Sender-ID check. A typical reply quoted here, some information has been masked to protect from spam spider:

This message is an automatic response from Port25’s authentication verifier service at verifier.port25.com. The service allows email senders to perform a simple check of various sender authentication mechanisms. It is provided free of charge, in the hope that it is useful to the email community. While it is not officially supported, we welcome any feedback you may have at .

Thank you for using the verifier,

The Port25 Solutions, Inc. team

==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: neutral
Sender-ID check: pass

==========================================================
Details:
==========================================================

HELO hostname: host.mydigitallife.info
Source IP: 75.127.69.98
mail-from: xxxxx@xxxxxxx.xxx

———————————————————-
SPF check details:
———————————————————-
Result: pass
ID(s) verified: smtp.mail=xxxxx@xxxxxxx.xxx
DNS record(s):
mydigitallife.info. 3600 IN TXT “v=spf1 ip4:75.127.69.98 mx a:host.mydigitallife.info mx:mydigitallife.info ~all”

———————————————————-
DomainKeys check details:
———————————————————-
Result: neutral (message not signed)
ID(s) verified: header.From=xxxxx@xxxxxxx.xxx
DNS record(s):

———————————————————-
DKIM check details:
———————————————————-
Result: neutral (message not signed)
ID(s) verified:
DNS record(s):

NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions. If you are using Port25’s PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM.

———————————————————-
Sender-ID check details:
———————————————————-
Result: pass
ID(s) verified: header.From=xxxxx@xxxxxxx.xxx
DNS record(s):
mydigitallife.info. 3600 IN TXT “v=spf1 ip4:75.127.69.98 mx a:host.mydigitallife.info mx:mydigitallife.info ~all”

Return Path also provides a SenderID Test similar to above email verification service, except that the it uses one time random email address that you suppose to send to, auto-generated when you visit the website, and validator won’t automatically reply to your email with validation report. Instead, webmasters will need to enter their email address on the box provided on the same web page to get the results.

If you need to set up SPF record for your domain, check out this SPF guide.

Share and contribute or get technical support and help at My Digital Life Forums.

Related Articles

• SPF Validation - Sender Profile Framework Testing and Checking Tool
• How to Set Up and Create Sender Policy Framework (SPF) Domain DNS TXT Record with Wizard
• Lowest Number MX Record Points to Local Host Rejected RCPT Error
• Domain Does Not Have Any NS Records Error at DNSStuff.com or DNSReport.com
• Email Bounces Back with “unrouteable mail domain” Error
• New Samsung SPF-72V Digital Photo Frame With Wi-Fi Connectivity
• IBM Server Stops or Hangs with 0581 on LCD Display
• How to Test Broadband Connection
• Secure and Speed Up Internet Surfing with OpenDNS
• Unable to Connect to Internet in Virtual PC with NAT Shared Networking NAT on Windows XP Guest

This entry was posted on Wednesday, August 8th, 2007 at 2:44 pm and is filed under Webmaster Resources. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.