But what if you want to check a proposed SPF record, a potential change, to see if it is going to work, before implementing it in DNS? Here's how I do that.
DNS consultant and smart guy Scott Kitterman has a useful-and-simple page of tools for SPF Querying and Validation. Go to this page. Scroll down to "Test an SPF record." Fill out the form, submit it, and his checking tool will tell you if the proposed SPF record passes validation.
Let's do this with my xnnd.com domain. I want to test this as a potential SPF record: v=spf1 ip6:2607:f2f8:a760::2 ip4:184.108.40.206 ip4:220.127.116.11 ip4:18.104.22.168 ip4:22.214.171.124 ip4:126.96.36.199 include:_spf.google.com ~all
I'm going to use 188.8.131.52 as my sending IP address, it's my primary email server currently.
For the MAIL FROM address, I put in the return-path (MFROM) address that my mailing list uses. For the HELO address, I put in what I think my server's name is from its mail software configuration. (If you're not sure, just put in [email protected](domain) in Mail From, and (domain) in HELO Address. If I had done that here, it would be [email protected] and xnnd.com.)
Then hit the "Test SPF Record" button and you'll get a response something like this one:
The important bit we're looking for here is "Results - PASS sender SPF authorized." That tells us that this SPF record is correct, and that mail with a message from of [email protected] will properly authenticate when sent from IP address 184.108.40.206, if I were to implement this SPF record in DNS.
If I was getting an error or I had typo'd something, I could hit the "back" button in my browser, make corrects, and test again.