SPF Record Check
In order to implement SPF you will need to have a valid SPF record. DMARC Analyzer provides a SPF Record Checker to validate your SPF record.
We can also pre-validate an update you intend to apply to your record to prevent issues popping up after the update was done. We recommend you to carefully test any updates to your SPF records before applying them.
The SPF Record Checker will test and validate your record for:
- SPF record existence
Logically we require a SPF record in the DNS so we can validate it.
- Multiple SPF records in DNS
You can only have 1 SPF record in DNS for each SPF version. If you publish multiple SPF records (v=spf1), this will invalidate your SPF record. Therefor always update your SPF record and do not place a new record aside the existing record.
- Maximum lookups
When using SPF you can only do 10 (nested) DNS lookups. Please check our knowledgebase article for more information about this subject.
- PTR mechanism used
We recommend not to use PTR as this is a deprecated mechanism and several senders may (completely) ignore your SPF record if you use this.
- Unknown parts founds
We have detected content which is not in the SPF specification.
- +all mechanism used
If you use the mechanism ‘all’ with a “+” qualifier this would mean you would basically allow anybody to send mail on your behalf. The record will first try to match the sending source to another mechanism. If this fails, the default behavior is to still allow this source. Therefor this setup is discouraged.
- Invalid macro
Our SPF record checker will try to validate SPF macro’s you use. Using some example data we will give examples of the lookups receivers may do based on your macro setup.
- Record termination missing
A SPF record should always have a ‘default’ fallback mechanism. This can either be an ‘all’ mechanism or a ‘redirect’ modifier. We check if you end your SPF record with either of these.
- Multiple fallback scenarios
A SPF record should have 1 fallback scenarios. You have defined multiple.
- DNS type “SPF” used
You have published your SPF record in a DNS type SPF. This DNS type ‘SPF’ (/99) was introduced in RFC 4408 in 2006. However this type become obsolete by RFC 7208 which states: SPF records MUST be published as a DNS TXT (type 16) Resource Record (RR)
- Uppercase SPF
You used uppercase characters in your SPF record. Although it is no requirement, it is a best practice to publish your SPF records lowercase.
After running your SPF record through all these checks you can safely update your SPF record in your DNS!