But what if you want to check a proposed SPF record, a potential change, to see if it is going to work, before implementing it in DNS? Here's how I do that.
DNS consultant and smart guy Scott Kitterman has a useful-and-simple page of tools for SPF Querying and Validation. Go to this page. Scroll down to "Test an SPF record." Fill out the form, submit it, and his checking tool will tell you if the proposed SPF record passes validation.
Let's do this with my xnnd.com domain. I want to test this as a potential SPF record: v=spf1 ip6:2607:f2f8:a760::2 ip4:126.96.36.199 ip4:188.8.131.52 ip4:184.108.40.206 ip4:220.127.116.11 ip4:18.104.22.168 include:_spf.google.com ~all
I'm going to use 22.214.171.124 as my sending IP address, it's my primary email server currently.
For the MAIL FROM address, I put in the return-path (MFROM) address that my mailing list uses. For the HELO address, I put in what I think my server's name is from its mail software configuration. (If you're not sure, just put in bounce@(domain) in Mail From, and (domain) in HELO Address. If I had done that here, it would be email@example.com and xnnd.com.)
Then hit the "Test SPF Record" button and you'll get a response something like this one:
The important bit we're looking for here is "Results - PASS sender SPF authorized." That tells us that this SPF record is correct, and that mail with a message from of firstname.lastname@example.org will properly authenticate when sent from IP address 126.96.36.199, if I were to implement this SPF record in DNS.
If I was getting an error or I had typo'd something, I could hit the "back" button in my browser, make corrects, and test again.