spfquery

Query SPF records for email domains

TLDR

Check if an IP address is allowed to send an e-mail from the specified e-mail address

$ spfquery -ip [8.8.8.8] -sender [sender@example.com]

Turn on debugging output

$ spfquery -ip [8.8.8.8] -sender [sender@example.com] --debug

SYNOPSIS

spfquery [OPTIONS] sender_IP envelope_from [helo_identity]
spfquery [OPTIONS] -i input_file

PARAMETERS

-s
    Specifies the IP address of the sending host.

-l
    Specifies the envelope-from email address (e.g., user@example.com).

-h
    Specifies the HELO/EHLO identity provided by the sending host.

-i
    Reads query parameters from a specified file, with one query per line. Each line should contain sender_IP envelope_from [helo_identity].

-r
    Specifies the recipient address (optional, primarily for specific policy testing that might depend on recipient).

-d
    Specifies the domain to query directly, overriding the domain derived from the envelope-from address.

-v
    Enables verbose output, showing details of DNS queries and evaluation steps.

-t
    Sets the DNS query timeout in seconds.

-o
    Overrides the SPF record for testing purposes, allowing direct input of an SPF string instead of performing a DNS lookup.

-x
    Provides an explanation of the SPF result.

-p
    Prints the parsed SPF record.

--version
    Displays the program's version number and exits.

--help
    Shows a help message and exits.

DESCRIPTION

spfquery is a command-line utility used to test and debug Sender Policy Framework (SPF) DNS records. It simulates an email reception scenario by taking a sender's IP address, an envelope-from (sender's email) address, and an optional HELO/EHLO identity.

The tool then performs a DNS lookup for the SPF record associated with the domain of the envelope-from address and evaluates it against the provided input parameters. This allows administrators to verify if their SPF records are correctly configured and if incoming emails would pass, fail, or softfail based on the defined policies. It's an invaluable tool for email server administrators and security professionals to ensure proper email authentication and combat spam and phishing.

CAVEATS

spfquery relies on DNS lookups; therefore, network connectivity and correct DNS configuration are crucial for its operation.

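It simulates the SPF check process based on the protocol specifications; however, actual email server behavior might differ slightly depending on the specific Mail Transfer Agent's (MTA) SPF implementation or local policies. This tool focuses solely on SPF and does not consider other email authentication methods like DKIM or DMARC.

Option syntax differs between spfquery implementations: the TLDR examples above use the long -ip and -sender form, while the SYNOPSIS and PARAMETERS sections use positional arguments and short options. Run spfquery --help to confirm which form the installed version accepts.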

RETURN VALUES

spfquery typically outputs the SPF result (e.g., "Pass", "Fail", "SoftFail", "Neutral", "None", "PermError", "TempError") followed by an optional reason or explanation. The exit code of the command indicates the success or failure of the query itself (0 for successful query and SPF result, non-zero for internal errors like network issues or invalid arguments).
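
The evaluation step described under DESCRIPTION, run against a record supplied as a string (as with -o) rather than fetched from DNS, is sketched below. This is an added example, not code from spfquery or pyspf; the names parse_spf and evaluate_spf are hypothetical, the sample records are constructed, and only the ip4, ip6 and all mechanisms are handled.

```python
import ipaddress

# SPF qualifier -> result name, as listed under RETURN VALUES
QUALIFIERS = {"+": "Pass", "-": "Fail", "~": "SoftFail", "?": "Neutral"}
DNS_MECHANISMS = {"a", "mx", "include", "exists", "ptr"}  # need lookups; out of scope here


def parse_spf(record):
    """Return [(qualifier, network-or-None)] for a record; None stands for 'all'.
    Raises ValueError on a syntax error (the caller reports it as PermError)."""
    parsed = []
    for term in record.split()[1:]:
        qualifier, body = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        head, _, arg = body.partition(":")
        if "=" in head:                        # modifier such as exp=
            if head.lower().startswith("redirect="):
                raise NotImplementedError("redirect= needs a DNS lookup")
            continue
        name = head.split("/")[0].lower()
        if name in DNS_MECHANISMS:
            raise NotImplementedError(f"{name} needs a DNS lookup")
        if name == "all" and not arg:
            parsed.append((qualifier, None))
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)  # ValueError if malformed
            if net.version != int(name[2]):
                raise ValueError(f"{name} with wrong address family: {arg}")
            parsed.append((qualifier, net))
        else:
            raise ValueError(f"unknown mechanism: {term}")
    return parsed


def evaluate_spf(record, client_ip):
    """Evaluate an SPF record string (no DNS) for the connecting client_ip."""
    if [t.lower() for t in record.split()[:1]] != ["v=spf1"]:
        return "None"                          # not an SPF record
    ip = ipaddress.ip_address(client_ip)
    try:
        terms = parse_spf(record)
    except ValueError:
        return "PermError"                     # whole record rejected, even if an earlier term matches
    for qualifier, net in terms:               # first match wins, left to right
        if net is None or ip in net:
            return QUALIFIERS[qualifier]
    return "Neutral"                           # no mechanism matched
```

A single mistyped mechanism (for instance ipv4: instead of ip4:) turns every evaluation of that record into PermError, which is the kind of misconfiguration this check is meant to surface before a record is published.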

COMMON USAGE EXAMPLE

To check an email originating from 192.0.2.1, with an envelope-from address of user@example.com, and a HELO name of mail.example.com, you would use:

$ spfquery -s 192.0.2.1 -l user@example.com -h mail.example.com

HISTORY

SPF (Sender Policy Framework) was developed as an email authentication method to prevent sender address forgery. spfquery emerged as a vital tool to help administrators implement and test SPF records effectively. It is commonly found as part of the spf-tools package or the pyspf Python module, reflecting its development within the Python ecosystem for email and DNS handling. Its design and usage have remained consistent, making it a primary utility for debugging SPF configuration issues.

SEE ALSO

dig(1), host(1), nslookup(1)