Log in
CaptainDNS

Propagation & diagnostics

Compare resolvers worldwide and inspect returned answers.

Email authentication

Tools to verify and validate your email authentication setup.

SPF syntax validator

Review include chains and DNS query limits before publishing changes.

SPF record inspector

Resolve the published TXT record, flag lookup limits and decode each mechanism.

DKIM syntax validator

Quickly check the syntax of your DKIM records.

DKIM record check

Resolve a selector and analyse the published DKIM TXT record.

DMARC syntax validator

Check rua/ruf destinations, alignment modes and the active policy before publishing.

DMARC record inspector

Resolve the published policy, surface diagnostics and confirm enforcement before switching to reject.

BIMI syntax validator

Validate BIMI tags, the logo fetch and the VMC certificate before publishing.

BIMI record inspector

Resolve the published BIMI record, inspect logo and VMC diagnostics in one place.

Email deliverability audit

Audit MX, SPF, DKIM and DMARC to confirm a domain is ready to send.

Mail header analyzer

Decode participants, authentication results and routing from raw headers.

DMARC record generator

Create compliant DMARC records with all policy and reporting options.

Text

Transform, encode and measure your content in seconds.

Text case converter

Convert any block of text to upper or lower case instantly.

Base64 encoder / decoder

Encode or decode any content in Base64 without leaving the browser.

Slug generator

Transform any sentence into an SEO-friendly slug in seconds.

Word & character counter

Measure the length of any text, with instant word and character counts.

Images

Preview and validate your BIMI logos before publishing.

BIMI logo lookup

Inspect a BIMI logo URL—format, metadata and live rendering—before rollout.

Certificates

Inspect CSRs, BIMI logos and VMC certificates before you deploy.

CSR parser

Inspect a CSR, extract subject details, fingerprints and requested SANs.

VMC inspector

Inspect a Verified Mark Certificate—issuer, validity and SAN coverage—before you publish BIMI.

IP

Look up addresses, owners, reverse records and ranges.

Reverse lookup

Resolve a PTR record and validate DNS consistency.

IP WhoIs

Identify the owner of an IP range and its contacts.

IPv4 netmask

Calculate network, broadcast and usable hosts for any IPv4 block.

My IP address

Detect your IPv4/IPv6 addresses and their geolocation.

SPF syntax checker

Understand the structure of an SPF record

Sender Policy Framework (SPF) describes which servers are allowed to send mail for a domain. The policy lives in a TXT record beginning with v=spf1 followed by mechanisms and modifiers. This page explains what the validator inspects and how to interpret the API response.

Anatomy of an SPF policy

An SPF rule is a list of space separated terms. Each term may start with a qualifier (+, -, ~, ?), followed by a mechanism name (such as ip4, mx, include) or a modifier (redirect=, exp=).

v=spf1 ip4:203.0.113.0/24 include:_spf.example.net -all

Mandatory elements

  • v=spf1 — the version tag must be present and placed at the beginning of the record.
  • Mechanisms — at least one mechanism (for example ip4, ip6, mx, include) defines the authorised senders.
  • Terminal directive — a final mechanism (-all, ~all, ?all or +all) completes the policy and tells recipients how to handle unmatched mail.

Optional modifiers

  • include: chains another SPF record and triggers extra DNS lookups.
  • redirect= delegates the evaluation to a different domain. It must be the last term and cannot appear with all.
  • exp= points to a TXT record containing an explanation message. It is deprecated and only informational.

Frequent pitfalls detected by the tool

  1. Record too long. SPF strings longer than 450 characters are rejected by the validator.
  2. Unknown or duplicated terms. Misspelled mechanisms and repeated modifiers are flagged as errors.
  3. Invalid IP prefixes or domains. The validator checks the syntax of CIDR ranges and hostnames.
  4. Lookup limits exceeded. SPF processing stops after 10 DNS lookups, including include, mx, a, ptr and exists.
  5. Neutral or permissive policies. Qualifier ? and +all reduce the protection level and appear as warnings.

Best practices before publishing

  • Keep the policy concise and remove unused mechanisms to stay below lookup limits.
  • Prefer ip4 and ip6 ranges managed by your organisation or service provider.
  • Document who maintains each include chain and review the delegated domains regularly.
  • Test the final record with this validator, then query DNS once deployed to confirm propagation.

By validating the syntax ahead of publication you reduce the risk of a broken SPF policy and avoid lengthy troubleshooting when messages start to bounce.