code Code Preview

Python

#!/usr/bin/env python3
"""
SPF Record Checker - Email Authentication Validator
Validates SPF records for email domains
"""
import dns.resolver
import re

def check_spf_record(domain):
    """Check and validate SPF record for a domain"""
    try:
        txt_records = dns.resolver.resolve(domain, 'TXT')
        spf_records = []

        for record in txt_records:
            txt = ''.join([s.decode() if isinstance(s, bytes)
                          else s for s in record.strings])
            if txt.startswith('v=spf1'):
                spf_records.append(txt)

        if len(spf_records) == 0:
            return {'domain': domain, 'status': 'MISSING',
                    'error': 'No SPF record found'}
        elif len(spf_records) > 1:
            return {'domain': domain, 'status': 'INVALID',
                    'error': f'Multiple SPF records ({len(spf_records)})'}

        spf = spf_records[0]
        lookups = count_dns_lookups(spf)

        return {
            'domain': domain,
            'spf_record': spf,
            'dns_lookups': lookups,
            'status': 'VALID' if lookups <= 10 else 'INVALID'
        }
    except dns.resolver.NXDOMAIN:
        return {'domain': domain, 'status': 'ERROR',
                'error': 'Domain does not exist'}

def count_dns_lookups(spf_record):
    """Count DNS lookups in SPF record"""
    mechanisms = re.findall(
        r'(?:include|a|mx|exists|redirect):(\S+)', spf_record)
    return len(mechanisms)

if __name__ == '__main__':
    domain = input('Enter domain: ')
    result = check_spf_record(domain)
    print(f"Domain: {result['domain']}")
    print(f"Status: {result['status']}")
    if 'spf_record' in result:
        print(f"SPF: {result['spf_record']}")
        print(f"DNS Lookups: {result['dns_lookups']}/10")

info About This Tool

The SPF Record Checker validates Sender Policy Framework records to ensure your domain is properly configured for email authentication. SPF tells receiving servers which mail servers are authorized to send email for your domain.

Key Features

SPF Record Parser - Extracts and parses SPF records from DNS TXT entries
Syntax Validation - Validates against RFC 7208 standards
DNS Lookup Counter - Warns when approaching 10-lookup limit
IP Range Validator - Validates IPv4/IPv6 addresses and CIDR notation
Error Detection - Identifies syntax mistakes and misconfigurations

Why SPF Matters

Prevents email spoofing and phishing attacks
Improves email deliverability
Builds sender reputation with ISPs
Required for DMARC compliance

Common Issues Detected

Too many DNS lookups (>10)
Multiple SPF records (invalid)
Missing "all" mechanism
Deprecated "ptr" mechanism

Requirements

Python 3.7+
dnspython library (pip install dnspython)

Important: Each "include" mechanism adds DNS lookups. If you exceed 10 lookups, SPF validation will fail. Use IP addresses instead of includes where possible.