SPF Surveyor

The SPF Surveyor is an SPF diagnostic tool that presents a graphical view of SPF records. The graphical view allows people to quickly identify which servers are authorized to send on behalf of a domain. (Note that this diagnostic tool focuses on domain-level authentication and largely ignores the portions of SPF that deal with the local parts of email addresses.)


microsoft.com

9 DNS-querying mechanisms/modifiers required to resolve record (maximum of 10 allowed).

97 authorized netblocks (160,373 authorized individual IPv4 addresses). Authorized netblocks produce SPF "pass" results (as opposed to "neutral", "fail", or "softfail").

Access/bookmark this survey at https://dmarcian.com/spf-survey/microsoft.com


Record analysis:

DNS-querying mechanisms/modifiers:

The SPF record authorizes 97 individual netblocks using 9 DNS-querying mechanisms/modifiers. The maximum number of DNS-querying mechanisms/modifiers is 10.

This record uses a considerable number of DNS-querying mechanisms/modifiers. Consider whether that number should be reduced.

Duplicate netblock authorization:

No duplication of netblocks is present, and this is good.

Record flattening (experimental!):

The dmarcian SPF Record Flattener (experimental!) rewrites this record by removing duplicate netblocks, collapsing any overlapping netblocks, and using 3 DNS-querying mechanisms/modifiers. Each SPF record is kept to less than 512 bytes to fit into a single UDP packet (assuming no other TXT records are sharing the DNS label).

NOTE: this approach does not take into account administrative or domain boundaries, and is meant to show that "minified" SPF records are possible. The presence of unusual qualifiers, macros, and creative semantics will likely yield less than optimal results.

Domain: microsoft.com
Record: v=spf1 ip4:23.103.144.0/19 ip4:23.103.191.0/24 ip4:23.103.198.0/23 ip4:23.103.200.0/21 ip4:23.103.208.0/21 ip4:23.103.224.0/19 ip4:23.130.156.0/22 ip4:37.188.97.188 ip4:64.4.22.64/26 ip4:65.54.51.64/26 ip4:65.54.61.64/26 ip4:65.54.121.124/31 ip4:65.54.190.0/24 ip4:65.54.241.0/24 ip4:65.55.34.0/24 ip4:65.55.42.224/28 ip4:65.55.52.224/27 ip4:65.55.81.54/31 ip4:65.55.88.0/24 ip4:65.55.90.0/24 ip4:65.55.111.0/24 ip4:65.55.116.0/25 ip4:65.55.169.0/24 include:spf1.microsoft.com -all

Domain: spf1.microsoft.com
Record: v=spf1 ip4:65.55.234.192/26 ip4:72.3.185.0/24 ip4:72.32.154.0/24 ip4:72.32.217.0/24 ip4:72.32.243.0/24 ip4:86.61.88.25 ip4:94.236.119.0/26 ip4:94.245.112.0/27 ip4:103.237.104.0/22 ip4:104.47.0.0/17 ip4:111.221.26.0/27 ip4:131.107.0.0/16 ip4:134.170.132.0/24 ip4:134.170.140.0/24 ip4:147.243.1.47 ip4:147.243.1.48 ip4:147.243.128.24/31 ip4:147.243.128.26 ip4:157.55.0.192/26 ip4:157.55.1.128/26 ip4:157.55.2.0/25 ip4:157.55.133.0/25 ip4:157.55.158.0/23 include:spf2.microsoft.com -all

Domain: spf2.microsoft.com
Record: v=spf1 ip4:157.55.234.0/24 ip4:157.56.87.192/26 ip4:157.56.110.0/23 ip4:157.56.112.0/24 ip4:157.56.116.0/25 ip4:157.56.120.0/25 ip4:185.28.196.0/22 ip4:192.28.128.0/18 ip4:199.15.212.0/22 ip4:202.177.148.100 ip4:202.177.148.110 ip4:203.32.4.25 ip4:203.122.32.250 ip4:206.191.224.0/19 ip4:207.46.22.35 ip4:207.46.22.98 ip4:207.46.22.101 ip4:207.46.50.72 ip4:207.46.50.82 ip4:207.46.50.192/26 ip4:207.46.51.64/26 ip4:207.46.52.71 ip4:207.46.52.79 ip4:207.46.100.0/24 include:spf3.microsoft.com -all

Domain: spf3.microsoft.com
Record: v=spf1 ip4:207.46.101.128/26 ip4:207.46.108.0/25 ip4:207.46.117.0/24 ip4:207.46.163.0/24 ip4:207.46.200.0/27 ip4:213.199.128.139 ip4:213.199.128.145 ip4:213.199.138.181 ip4:213.199.138.191 ip4:213.199.154.0/24 ip4:213.199.180.0/24 ip4:216.32.181.0/24 ip4:216.99.5.67 ip4:216.99.5.68 ip4:217.77.141.52 ip4:217.77.141.59 ip6:2a01:111:f400::/48 ip6:2a04:35c0::/29 -all