Checking an SPF record with the Kitterman SPF Validator
URL Copied
If you received an email message in your Gmail inbox, Google provides easy-to-read authentication results, showing you if the email message in question properly passed SPF authentication.
But what if you want to check a proposed SPF record, a potential change, to see if it is going to work, before implementing it in DNS? Here's how I do that.
DNS consultant and smart guy Scott Kitterman has a useful-and-simple page of tools for SPF Querying and Validation. Go to this page. Scroll down to "Test an SPF record." Fill out the form, submit it, and his checking tool will tell you if the proposed SPF record passes validation.
Let's do this with my xnnd.com domain. I want to test this as a potential SPF record: v=spf1 ip6:2607:f2f8:a760::2 ip4:167.88.36.240 ip4:162.244.29.202 ip4:206.125.175.2 ip4:184.105.179.157 ip4:174.136.106.18 include:_spf.google.com ~all
I'm going to use 162.244.29.202 as my sending IP address, it's my primary email server currently.
<
For the MAIL FROM address, I put in the return-path (MFROM) address that my mailing list uses. For the HELO address, I put in what I think my server's name is from its mail software configuration. (If you're not sure, just put in bounce@(domain) in Mail From, and (domain) in HELO Address. If I had done that here, it would be bounce@xnnd.com and xnnd.com.)
Then hit the "Test SPF Record" button and you'll get a detailed response showing pass/fail (and if it failed, why it failed).
The important bit we're looking for here is "Results - PASS sender SPF authorized." That tells us that this SPF record is correct, and that mail with a message from of delivowner@xnnd.com will properly authenticate when sent from IP address 162.244.29.202, if I were to implement this SPF record in DNS.
If I was getting an error or I had typo'd something, I could hit the "back" button in my browser, make corrects, and test again.
If you received an email message in your Gmail inbox, Google provides easy-to-read authentication results, showing you if the email message in question properly passed SPF authentication.
But what if you want to check a proposed SPF record, a potential change, to see if it is going to work, before implementing it in DNS? Here's how I do that.
DNS consultant and smart guy Scott Kitterman has a useful-and-simple page of tools for SPF Querying and Validation. Go to this page. Scroll down to "Test an SPF record." Fill out the form, submit it, and his checking tool will tell you if the proposed SPF record passes validation.
Let's do this with my xnnd.com domain. I want to test this as a potential SPF record: v=spf1 ip6:2607:f2f8:a760::2 ip4:167.88.36.240 ip4:162.244.29.202 ip4:206.125.175.2 ip4:184.105.179.157 ip4:174.136.106.18 include:_spf.google.com ~all
I'm going to use 162.244.29.202 as my sending IP address, it's my primary email server currently.
< For the MAIL FROM address, I put in the return-path (MFROM) address that my mailing list uses. For the HELO address, I put in what I think my server's name is from its mail software configuration. (If you're not sure, just put in bounce@(domain) in Mail From, and (domain) in HELO Address. If I had done that here, it would be bounce@xnnd.com and xnnd.com.)
Then hit the "Test SPF Record" button and you'll get a detailed response showing pass/fail (and if it failed, why it failed).
The important bit we're looking for here is "Results - PASS sender SPF authorized." That tells us that this SPF record is correct, and that mail with a message from of delivowner@xnnd.com will properly authenticate when sent from IP address 162.244.29.202, if I were to implement this SPF record in DNS.
If I was getting an error or I had typo'd something, I could hit the "back" button in my browser, make corrects, and test again.
Comments
Post a Comment
Comments policy: Al is always right. Kidding, mostly. Be polite, please and thank you.