SPF Surveyor

The SPF Surveyor is an SPF diagnostic tool that presents a graphical view of SPF records. The graphical view allows people to quickly identify which servers are authorized to send on behalf of a domain. (Note that this diagnostic tool focuses on domain-level authentication and largely ignores the portions of SPF that deal with the local parts of email addresses.)


(view DMARC record)
microsoft.com
Error present! Receivers are unable to use this SPF record to determine authenticity:
  • Too many DNS lookups (count=11)

11 DNS-querying mechanisms/modifiers required to resolve record (maximum of 10 allowed).

95 authorized netblocks (92,155 authorized individual IPv4 addresses). Authorized netblocks produce SPF "pass" results (as opposed to "neutral", "fail", or "softfail").

Access/bookmark this survey at https://dmarcian.com/spf-survey/microsoft.com

SPF record:

Nodes with children can be clicked on to expand.

Record analysis:

DNS-querying mechanisms/modifiers:

The SPF record authorizes 95 individual netblocks using 11 DNS-querying mechanisms/modifiers. The maximum number of DNS-querying mechanisms/modifiers is 10.

This record is considered broken and can be fixed by reducing the number of DNS-querying mechanisms/modifiers.

Duplicate netblock authorization:

No duplication of netblocks is present, and this is good.

Record flattening (experimental!):

The dmarcian.com SPF Record Flattener (experimental!) rewrites this record by removing duplicate netblocks, collapsing any overlapping netblocks, and using 3 DNS-querying mechanisms/modifiers. Each SPF record is kept to less than 512 bytes to fit into a single UDP packet (assuming no other TXT records are sharing the DNS label).

NOTE: this approach does not take into account administrative or domain boundaries, and is meant to show that "minified" SPF records are possible. The presence of unusual qualifiers, macros, and creative semantics will likely yield less than optimal results.

domainrecord
microsoft.comv=spf1 ip4:37.188.97.188 ip4:65.54.51.64/26 ip4:65.54.61.64/26 ip4:65.54.121.124/31 ip4:65.54.190.0/24 ip4:65.54.241.0/24 ip4:65.55.34.0/24 ip4:65.55.42.224/28 ip4:65.55.52.224/27 ip4:65.55.81.54/31 ip4:65.55.83.128/27 ip4:65.55.88.0/24 ip4:65.55.90.0/24 ip4:65.55.111.0/24 ip4:65.55.116.0/25 ip4:65.55.169.0/24 ip4:65.55.234.192/26 ip4:72.3.185.0/24 ip4:72.32.154.0/24 ip4:72.32.217.0/24 ip4:72.32.243.0/24 ip4:86.61.88.25 ip4:94.236.119.0/26 ip4:94.245.112.0/27 include:spf1.microsoft.com ~all
spf1.microsoft.comv=spf1 ip4:111.221.26.0/27 ip4:131.107.0.0/16 ip4:134.170.132.0/24 ip4:134.170.140.0/24 ip4:147.243.1.47 ip4:147.243.1.48 ip4:147.243.128.24/31 ip4:147.243.128.26 ip4:157.55.0.192/26 ip4:157.55.1.128/26 ip4:157.55.2.0/25 ip4:157.55.40.32/27 ip4:157.55.116.128/26 ip4:157.55.133.0/24 ip4:157.55.158.0/23 ip4:157.55.206.0/23 ip4:157.55.234.0/24 ip4:157.56.73.0/24 ip4:157.56.87.192/26 ip4:157.56.91.0/27 ip4:157.56.96.0/19 ip4:157.56.192.0/19 ip4:185.28.196.0/22 include:spf2.microsoft.com ~all
spf2.microsoft.comv=spf1 ip4:199.15.212.0/22 ip4:202.177.148.100 ip4:202.177.148.110 ip4:203.32.4.25 ip4:203.122.32.250 ip4:207.46.22.35 ip4:207.46.22.98 ip4:207.46.22.101 ip4:207.46.50.72 ip4:207.46.50.82 ip4:207.46.50.192/26 ip4:207.46.51.64/26 ip4:207.46.52.71 ip4:207.46.52.79 ip4:207.46.100.0/24 ip4:207.46.108.0/25 ip4:207.46.117.0/24 ip4:207.46.163.0/24 ip4:207.46.200.0/27 ip4:213.199.128.139 ip4:213.199.128.145 ip4:213.199.138.181 ip4:213.199.138.191 ip4:213.199.154.0/24 include:spf3.microsoft.com ~all
spf3.microsoft.comv=spf1 ip4:213.199.180.128/26 ip4:216.32.180.0/23 ip4:216.99.5.67 ip4:216.99.5.68 ip4:217.77.141.52 ip4:217.77.141.59 ip6:2a01:111:f400:7c00::/54 ip6:2a01:111:f400:fc00::/54 ~all