Log in
CaptainDNS

Propagation & diagnostics

Compare resolvers worldwide and inspect returned answers.

Email authentication

Tools to verify and validate your email authentication setup.

SPF syntax validator

Review include chains and DNS query limits before publishing changes.

SPF record inspector

Resolve the published TXT record, flag lookup limits and decode each mechanism.

DKIM syntax validator

Quickly check the syntax of your DKIM records.

DKIM record check

Resolve a selector and analyse the published DKIM TXT record.

DMARC syntax validator

Check rua/ruf destinations, alignment modes and the active policy before publishing.

DMARC record inspector

Resolve the published policy, surface diagnostics and confirm enforcement before switching to reject.

BIMI syntax validator

Validate BIMI tags, the logo fetch and the VMC certificate before publishing.

BIMI record inspector

Resolve the published BIMI record, inspect logo and VMC diagnostics in one place.

Email deliverability audit

Audit MX, SPF, DKIM and DMARC to confirm a domain is ready to send.

Mail header analyzer

Decode participants, authentication results and routing from raw headers.

DMARC record generator

Create compliant DMARC records with all policy and reporting options.

Text

Transform, encode and measure your content in seconds.

Text case converter

Convert any block of text to upper or lower case instantly.

Base64 encoder / decoder

Encode or decode any content in Base64 without leaving the browser.

Slug generator

Transform any sentence into an SEO-friendly slug in seconds.

Word & character counter

Measure the length of any text, with instant word and character counts.

Images

Preview and validate your BIMI logos before publishing.

BIMI logo lookup

Inspect a BIMI logo URL—format, metadata and live rendering—before rollout.

Certificates

Inspect CSRs, BIMI logos and VMC certificates before you deploy.

CSR parser

Inspect a CSR, extract subject details, fingerprints and requested SANs.

VMC inspector

Inspect a Verified Mark Certificate—issuer, validity and SAN coverage—before you publish BIMI.

IP

Look up addresses, owners, reverse records and ranges.

Reverse lookup

Resolve a PTR record and validate DNS consistency.

IP WhoIs

Identify the owner of an IP range and its contacts.

IPv4 netmask

Calculate network, broadcast and usable hosts for any IPv4 block.

My IP address

Detect your IPv4/IPv6 addresses and their geolocation.

SPF record inspector

How to make the most of the SPF record inspector

Collect the domain you want to test and pick the resolver or DoH endpoint if you need to reproduce a specific path. The tool queries TXT records, highlights SPF policies and exposes lookup warnings before they turn into hard failures.

Prepare the domain

Enter the exact domain used in the envelope sender or HELO/EHLO greeting. The inspector fetches all TXT answers and keeps only those starting with v=spf1.

Validate changes quickly

Run the check after every modification: new include, IP4/IP6 ranges or redirects. Compare resolvers to ensure caching layers and public services observe the same TXT payload.

Decode diagnostics instantly

Warnings reveal lookup limits, duplicate mechanisms or weak endings such as +all. Error badges point to missing SPF records, CNAME chains or DNS failures.

Why inspect an SPF record?

Sender Policy Framework determines which servers can send mail for your domain. Monitoring the published record is essential when providers add new ranges or when multiple teams update the policy simultaneously. The inspector queries DNS live, decodes each mechanism and flags misconfigurations before recipients reject messages.

When should you launch an inspection?

  • Provider onboarding: confirm their include chain resolves correctly and does not exceed lookup limits.
  • Incident response: understand why a receiving server reports SPF fail or permerror for a campaign.
  • Change control: document every adjustment to the TXT record and ensure the expected mechanism order is preserved.

What happens during the analysis?

The tool requests TXT responses, filters SPF entries and expands includes when possible. It counts DNS lookups, examines mechanisms (ip4, ip6, a, mx, exists, ptr) and modifiers (redirect=, exp=). Each child record gets its own report so you can track where a lookup failed or where the budget of 10 queries is spent.

Using the form

  1. Type the domain exactly as published in DNS.
  2. Submit the request to gather all TXT answers.
  3. Review the raw SPF policies first, then open the detailed analysis cards to inspect mechanisms and warnings.

Go further

Combine the inspector with the SPF syntax validator to test drafts before publication. Once the record is live, monitor DMARC aggregate reports to catch regressions, and schedule periodic lookups to detect upstream changes from third-party senders.