#dns #domain #email #spf #trace

app spftrace

Utility for tracing SPF queries

5 releases

Uses new Rust 2021

new 0.1.0 Jun 22, 2022
0.0.4 Jun 19, 2022
0.0.3 May 30, 2022
0.0.2 May 21, 2022
0.0.1 May 12, 2022

#121 in Email

Download history 8/week @ 2022-05-06 28/week @ 2022-05-13 26/week @ 2022-05-20 27/week @ 2022-05-27 32/week @ 2022-06-03 1/week @ 2022-06-10 46/week @ 2022-06-17

106 downloads per month




The spftrace utility is a tool for executing, analysing, and displaying SPF queries. SPF is specified in RFC 7208.

This utility executes an SPF query with IP address and domain and shows the result graphically as an evaluation tree.

This utility uses the viaspf library to execute SPF queries. The viaspf library can trace a query as it executes and makes the trace available as structured data in its API. spftrace then analyses this data and displays it.

Thanks to the underlying execution engine being a real, RFC-conformant SPF implementation, spftrace handles all SPF policies correctly. Less well-known features of SPF such as macros, dual CIDR prefix lengths, exp modifiers, or the void lookup limit are all evaluated according to spec.


The spftrace utility is a Rust program. Install it with Cargo as usual:

cargo install --locked spftrace

The minimum supported Rust version is 1.56.1.


Pass a sender identity (an email address or a domain name) and an IP address to spftrace.

Use the unspecified IP address or :: to display the full evaluation tree of some SPF-enabled domain.

spftrace example.com
│   "v=spf1 mx include:spf.example.com ~all"
├── mx → example.com (lookups: 1/10, nested: 2/10)
│   ├── mx1.example.com
│   │   ├──
│   │   ├──
│   │   └──
│   └── mx2.example.com
│       └──
│   not-match
├── include:spf.example.com → spf.example.com (lookups: 2/10)
│   spf.example.com
│   │   "v=spf1 ip4: ip4: ip6:2c0f:fb50:4000::/36
│   │    ip6:2001:4860:4000::/36 ~all"
│   ├── ip4: not-match
│   ├── ip4: not-match
│   ├── ip6:2c0f:fb50:4000::/36 not-match
│   ├── ip6:2001:4860:4000::/36 not-match
│   └── all match result=softfail
│   not-match
└── all match result=softfail

For details, refer to the included man page spftrace(1). (You can view the man page without installing by passing the file path to man: man ./spftrace.1)


Unit tests are in separate module tests. Specify a test name and pass the --show-output test binary option to run and visually check some test. For example:

cargo test ptr -- --show-output


Copyright © 2022 David Bürgin

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.


~254K SLoC