spfquery

Validate SPF email authentication records

TLDR

Check SPF record

$ spfquery -ip [192.168.1.1] -sender [user@example.com]

Query domain

$ spfquery -ip [ip] -sender [email] -helo [mail.example.com]

Debug mode

$ spfquery -debug -ip [ip] -sender [email]

Show version

$ spfquery -version

SYNOPSIS

spfquery [-ip addr] [-sender email] [-helo hostname] [options]

spfquery validates Sender Policy Framework (SPF) records by checking whether a given IP address is authorized to send email on behalf of a domain. It queries the domain's DNS SPF record and evaluates the sending IP against the published policy.The tool returns standard SPF result codes: pass, fail, softfail, neutral, none, temperror, or permerror. It is useful for mail server administrators to debug SPF configurations, verify that DNS records are correct, and troubleshoot email delivery issues caused by SPF failures.As part of the libspf2 library, spfquery implements the full SPF specification including mechanism evaluation, macro expansion, and redirect/include processing.

PARAMETERS

-ip ADDR

Client IP address.

-sender EMAIL

Envelope sender.

-helo HOST

HELO hostname.

-debug

Debug output.

-version

Show version.

-rcpt-to EMAIL

Envelope recipient address (for secondary MX checking).

-help

Show help.

CAVEATS

Requires DNS connectivity to resolve SPF records. SPF records must exist for the queried domain. Result codes require proper interpretation for policy enforcement.