- Plesk for Linux
How to check whether a domain has a correctly set SPF record?
Using online services
The most simple solution is to use online tools like the following below:
If there is no SPF DNS record found after test, do the following:
- Make sure that SPF, DKIM, DMARC(Onyx only) are enabled in Tools & Settings > Mail Server settings
- Make sure that DKIM signing is enabled in Domains > example.com > Mail Settings - Use DKIM spam protection system to sign outgoing email messages (optional, if required)
- Make sure that Domains > example.com > DNS Settings contains similar records
- Wait 24-32 hours for DNS propagation and check again.
Manually via SSH
Connect to the Linux server or use Terminal( How to connect to a server using SSH/RDP ):
- Try to query with a command provided by libspf2 library like as below:
# /usr/bin/spfquery_static -ip 10.20.30.40 -sender email@example.com -rcpt-to firstname.lastname@example.org
A correctly set domain will print like this (using Google as an example):
# /usr/bin/spfquery_static -ip 184.108.40.206 -sender email@example.com -rcpt-to firstname.lastname@example.org
spfquery: domain of gmail.com designates 220.127.116.11 as permitted sender
Received-SPF: pass (spfquery: domain of gmail.com designates 18.104.22.168 as permitted sender) client-ip=22.214.171.124; email@example.com;
A problematic domain looks more like this:
# /usr/bin/spfquery_static -ip 126.96.36.199 -sender firstname.lastname@example.org -rcpt-to email@example.com
Context: Failed to query MAIL-FROM
ErrorCode: (26) DNS lookup failure
Error: Temporary DNS failure for 'example.com'.
Please see http://www.openspf.org/Why?id=from%40example.com&ip=188.8.131.52&receiver=spfquery : Reason: default
spfquery: 184.108.40.206 is neither permitted nor denied by domain of example.com
Received-SPF: neutral (spfquery: 220.127.116.11 is neither permitted nor denied by domain of example.com) client-ip=18.104.22.168; firstname.lastname@example.org;
To check that DNS server has information about SPF for domain
example.com, use the
# dig -t TXT +short example.com @22.214.171.124
"v=spf1 +a +mx -all +a:server.hostname.tld"
126.96.36.199IP address of the
server.hostname.tldwhere DNS server is running.
Note that the SPF information can be written in either TXT format or as a dedicated SPF record. The latter is also sometimes referred to as a "type99" record. The SPF information needs to be in at least one of these formats. If both are used, these records must be exact copies of each other. These records are served by the same DNS server that serves
performs an SPF check in the following order: - First, it queries the DNS server for an SPF record. - If it is not defined, it tries to query for TXT. - If both attempts fail, it means there is no SPF for this domain.
For more information check Plesk Documentation and Help Portal - Sender Policy Framework System (Linux)