How to Check, Test and Validate SPF Record in DNS is Correct and Valid

An SPF record in the domain's DNS zone is the new tool to combat email spam that tries to forge or spoof the sender SMTP MAIL FROM and Return-Path of your domain. However, incorrect or misconfigured SPF definitions may lead to email being discarded prematurely, bounced and not delivered to the intended recipients. It is therefore good practice to test, verify and validate the SPF policy to ensure it does not erroneously cause outbound emails to fail and be rejected by relaying mail servers.

My Digital Life provides SPF Validation - Sender Profile Framework Testing and Checking Tool, a simple checker and tester for a domain's SPF record that uses the DNSStuff service. Simply enter the SPF string that you want to test, or enter the domain or email address for auto-discovery of the SPF value, together with the IP address of the mail server. The tool returns the SPF validation result for emails that originate from that server, indicating whether they will be accepted.

The Python Based SPF Record Testing Tools offer several tests. Administrators can retrieve the SPF records for a specified domain name, determine whether the SPF record is valid, check whether an SPF record is syntactically correct and valid (useful before publishing SPF in DNS), and run a full test of SPF by evaluating how the SPF record performs for the different IP addresses that mail might come from.
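The two checks described above (syntax validation before publishing, then evaluation against candidate sending IPs) can be sketched offline as follows. This is an added example, not code from any of the tools named on this page; `parse_spf`, `check_host` and the `FAKE_DNS` table are hypothetical names, the DNS answers are constructed, and only the `ip4`, `ip6`, `a`, `mx` and `all` mechanisms are evaluated.

```python
import ipaddress
import re

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
NETS = {"ip4": ipaddress.IPv4Network, "ip6": ipaddress.IPv6Network}
KNOWN = {"all", "ip4", "ip6", "a", "mx", "include", "exists", "ptr"}
TERM_RE = re.compile(r"^([+\-~?]?)([a-z0-9]+)(?::([^/\s]+))?(/\d+)?$", re.I)
FAKE_DNS = {("A", "host.mydigitallife.info"): ["75.127.69.98"],  # constructed
            ("MX", "mydigitallife.info"): ["host.mydigitallife.info"]}  # answers

def parse_spf(record):
    """Syntax check: return (terms, errors) for one SPF TXT string."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        return [], ["record must start with v=spf1"]
    terms, errors = [], []
    for raw in parts[1:]:
        if "=" in raw.split(":", 1)[0]:  # modifier (redirect=, exp=): skipped here
            continue
        m = TERM_RE.match(raw)
        qual, mech, value, cidr = (g or "" for g in m.groups()) if m else [""] * 4
        try:
            if mech.lower() not in KNOWN:
                raise ValueError("unknown mechanism")
            if mech.lower() in NETS:  # wrong address family or bad CIDR raises
                NETS[mech.lower()](value + cidr, strict=False)
            terms.append((qual or "+", mech.lower(), value, cidr))
        except ValueError:
            errors.append(f"unknown or malformed term: {raw}")
    return terms, errors

def check_host(record, sender_ip, domain, dns=FAKE_DNS):
    """Evaluate terms left to right; the first matching mechanism decides."""
    terms, errors = parse_spf(record)
    if errors:
        return "permerror"
    ip = ipaddress.ip_address(sender_ip)
    for qual, mech, value, cidr in terms:
        if mech in ("include", "exists", "ptr"):
            raise NotImplementedError(f"{mech} needs live DNS; not modelled here")
        if mech in NETS:
            addrs = [value]
        elif mech == "all":
            return QUALIFIERS[qual]
        else:  # a / mx: resolve via the table; no value means the domain itself
            hosts = dns.get(("MX", value or domain), []) if mech == "mx" else [value or domain]
            addrs = [a for h in hosts for a in dns.get(("A", h), [])]
        if any(ip in ipaddress.ip_network(a + cidr, strict=False) for a in addrs):
            return QUALIFIERS[qual]
    return "neutral"
```

Called with the mydigitallife.info record from the Port25 report on this page, `check_host` returns `pass` for 75.127.69.98 and `softfail` for any other address, because evaluation falls through to `~all`. A misspelled mechanism such as `ipv4:` yields `permerror`, which is the kind of mistake worth catching before the record is published.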

Vamsoft has an SPF Checker, which performs the same test as the utility My Digital Life provides above, and an SPF Syntax Validator to verify that the syntax of the SPF string is correct.

If you don’t know the IP address or host name of the SMTP mail server that sends outbound email for your domain, there is a simpler and easier method to check and test the SPF record. Simply send an email from the domain whose SPF you want to test to auth-results@verifier.port25.com. An Authentication Report will be sent back to the sending account's inbox after a few minutes, with complete details and a summary of results for the SPF check, DomainKeys check, DKIM check, and Sender-ID check. A typical reply is quoted here; some information has been masked to protect it from spam spiders:

This message is an automatic response from Port25’s authentication verifier service at verifier.port25.com. The service allows email senders to perform a simple check of various sender authentication mechanisms. It is provided free of charge, in the hope that it is useful to the email community. While it is not officially supported, we welcome any feedback you may have at .

Thank you for using the verifier,

The Port25 Solutions, Inc. team

==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: neutral
Sender-ID check: pass

==========================================================
Details:
==========================================================

HELO hostname: host.mydigitallife.info
Source IP: 75.127.69.98
mail-from: xxxxx@xxxxxxx.xxx

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result: pass
ID(s) verified: smtp.mail=xxxxx@xxxxxxx.xxx
DNS record(s):
mydigitallife.info. 3600 IN TXT "v=spf1 ip4:75.127.69.98 mx a:host.mydigitallife.info mx:mydigitallife.info ~all"

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified: header.From=xxxxx@xxxxxxx.xxx
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified:
DNS record(s):

NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions. If you are using Port25’s PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result: pass
ID(s) verified: header.From=xxxxx@xxxxxxx.xxx
DNS record(s):
mydigitallife.info. 3600 IN TXT "v=spf1 ip4:75.127.69.98 mx a:host.mydigitallife.info mx:mydigitallife.info ~all"

Return Path also provides a SenderID Test similar to the above email verification service, except that it uses a one-time random email address, auto-generated when you visit the website, that you are supposed to send to, and the validator won’t automatically reply to your email with a validation report. Instead, webmasters need to enter their email address in the box provided on the same web page to get the results.

If you need to set up SPF record for your domain, check out this SPF guide.




3 Responses to “How to Check, Test and Validate SPF Record in DNS is Correct and Valid”

  1. davidw
    November 22nd, 2007 05:19
    1

    hi, auth-results@verifier.port25.com is exactly what I need. From some test sites, I know my SPF is right, but when send to one click I got “SPF lookup failed”, so I need a real test, I think auth-results@verifier.port25.com is right for that, but it seems auth-results@verifier.port25.com doesn’t exist anymore. Any idea?

  2. dissappointed
    December 11th, 2007 23:01
    2

    auth-results@verifier.port23.com is not a valid address. Relevant portion of the bounce message below:

    Reporting-MTA: dns;verifier.port25.com
    Received-From-MTA:
    Arrival-Date: Tue, 11 Dec 2007 09:46:34 -0500

    Final-Recipient: rfc822;auth-results@verifier.port25.com
    Action: failed
    Status: 5.1.1 (bad destination mailbox address)
    X-PowerMTA-BounceCategory: bad-mailbox

  3. Gary
    January 7th, 2008 13:51
    3

    That email address doesn’t work anymore. They changed it to check-auth@verifier.port25.com

    You can find out more about it at http://www.port25.com/auth/

    Another good site to use for testing is http://senderid.espcoalition.org/

    Both of these addresses were working as of January 6, 2008.
