SPF Check

This tool will help you to check the SPF record of a domain name.


About this tool

This tool lookups the SPF record of a given domain name, follows include and redirect directives, and resolves A and MX directives.

Structure of an SPF entry

Each SPF record starts with a version number; the current SPF version with "v=spf1". Any number of expressions follow, evaluated in order from front to back. Most of the terms, in this case, are so-called directives defining the authorization of the sender and consist of an optional qualifier and a so-called mechanism that, for a given situation (IP address), results in either a hit or no hit. The first mechanism, which is a hit, determines the result of the entire evaluation of the SPF record.

SPF Qualifiers

QualifiersResultDescription
+Passthe directive defines authorized senders (default value, if no qualifier is specified, + is assumed)
-Failthe directive defines unauthorized transmitters
~SoftFailthe directive defines unauthorized senders, but the receiver should treat this failure generously; this qualifier is intended for testing purposes
?Neutralthe directive defines transmitters, about whose legitimacy nothing is to be said; The transmitter must be accepted.

SPF Mechanisms

MechanismsDescription
allalways
aan A (or AAAA) record of the queried (or explicitly specified) domain contains the IP address of the sender
mxan MX record of the queried (or explicitly specified) domain contains the IP address of the sender
ip4the specified IPv4 address is the IP address of the sender or the specified IPv4 subnet contains it.
ip6the specified IPv6 address is the IP address of the sender or the specified IPv6 subnet contains it.
redirectIP address of the sender is legitimized by the SPF record of another domain
includean additional SPF request to the domain specified in the include statement contains the IP address of the sender

Frequently Asked Questions

Cybersecurity or IT security protects networks, computer systems, and devices from theft or damage to their hardware and software or the data they process and from disruption or misuse of the services and functions they provide. The information is both private and business, which in turn may be personal. Overall, cybersecurity is often (but not only) directed against cybercrime. Among the most significant challenges is the lack of global, centralized cybersecurity institutions and global agreements and regulations to detect and combat cybercrime and bring about cyber resilience.
A cyberattack can lead to identity theft and blackmail attempts on an individual level. Personal data, such as credit card details or family photos, can also be stolen. Critical infrastructures, such as power plants, hospitals, and financial service providers, are essential to the functioning of our society. In addition, industrial espionage is one of the most significant risks for companies.
These presentations aim at Analysts, Security Managers, Web Developers, Software Engineers, Administrators, DevOps, DevSecOps, Team Leads, Manager, CISO, CTO, and other Executives. The slide decks serve as an introduction and provides knowledge on all aspects of the subject area. To put it straight: Benefit from these online presentations and get more insights into the cybersecurity space.
These presentations introduce the topics and convey the contents, in short, concise slides. It is crucial that the contents are as self-explanatory as possible and that the topic areas with the essential information are outlined.
Cybersecurity is a vast field, and it is probably impossible to know everything or every detail. For this reason, many more courses will follow in the coming months to ensure the broadest possible coverage.
As you might imagine, cybersecurity is a broad field. Therefore, it is probably impossible to cover everything. It would go beyond the scope to write everything down. Hence, these slide decks are not intended to be exhaustive but will provide a good starting point.