SPF Why?
Explains your SPF checker results.
Check Result
Fail
Details
SPF check by mx1.xel.nl
for samy@ascha.org
in scope mfrom
has result fail
because 82.94.246.3
matches -all
in SPF record:
v=spf1 mx include:spf.xel.nl -all
Form
Use the form below if you want to do a manual SPF check:
Documentation
This tool can be used to explain SPF check results by including a parameterized link in logs and error messages, or by manualy querying the API. It copies the simple API at open-spf.org/Why and can be used as an alternative in e.g. policyd-spf
.
API Usage
There is one endpoint: /
.
It accepts a GET request with the following query parameters:
Required | Name | Parameter | Default | Examples |
---|---|---|---|---|
Versions | v | 1 | v=1 | |
Scope | s | mfrom | s=helo | |
* | Identity | id | id=user@example.com, id=mta.example.com | |
* | IP-address | ip | ip=169.254.0.7, ip=fe80::2a:7 | |
Receiver | r | unknown | r=mx.example.com |
Example
GET /?id=user@example.net&ip=169.254.0.7&v=1&s=mfrom&r=mx.example.com
HEAD Request
Alternatively, you can send a HEAD request where the result code, and other details for the check, will be in the response headers as:
X-SPF-Why-Result-Code: fail X-SPF-Why-Result-Mechanism: -all X-SPF-Why-Query-Versions: 1 X-SPF-Why-Query-Scope: mfrom X-SPF-Why-Query-Id: user@example.net X-SPF-Why-Query-Ip: 169.254.0.7 X-SPF-Why-Query-Receiver: mx.example.com
Content Types
You can use other content types besides the default text/html
. Specifically: application/json
and text/plain
.
Example JSON response:
{ "query": { "versions": [ "1" ], "scope": "mfrom", "identity": "user@example.net", "ip": "169.254.0.7", "receiver": "mx.example.com" }, "result": { "code": "fail", "mechanism": "-all" } }
Example plaintext response:
SPF check by mx.example.com for user@example.net in scope mfrom has result fail because 169.254.0.7 matches -all in SPF record: v=spf1 -all
About
This tool uses mlocati/spf-lib for SPF heavy lifting.
Hosting by xel.
Samy Ascha, samy@ascha.org.