Resolving SPF Records
SPF (Sender Policy Framework) is a mechanism to improve email delivery by specifying which hosts are permitted to send email claiming to be from a particular domain. The SPF record on a domain is a TXT value which begins with v=spf1 and contains a series of terms that eventually resolve to a set of addresses.
Part of the syntax can be include:<fully-qualified-domain>, which is a pointer to another record containing further addresses. Third-party email hosts often publish such a record so that domain name administrators can reference it once and not need to update their own record whenever the third-party service updates its systems. For example, the reference for Office 365 is include:spf.protection.outlook.com, for Gmail it is include:_spf.google.com and for Mailchimp it is include:servers.mcsv.net.
When troubleshooting mail delivery it may be necessary to expand this syntax to IP addresses. This can be done as follows:
Open a command prompt and enter:
nslookup -q=TXT <domain> 8.8.8.8
This command fetches the TXT records for <domain> using Google DNS (8.8.8.8). Look for any TXT records starting with v=spf1. If those lines contain include:<DNS> syntax, issue a new command to expand this value:
nslookup -q=TXT <DNS> 8.8.8.8
Continue this process until the TXT records no longer contain include: entries.
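The manual procedure above, automated as an added example (not part of the original page): it follows include: terms recursively, collects the ip4/ip6 ranges, stops on include loops and enforces the RFC 7208 limit of 10 lookups. The domain names, the TXT values and the sample_lookup function are constructed for illustration; replace sample_lookup with a real TXT query to use it against live DNS.

```python
import ipaddress

# Constructed sample TXT data (hypothetical names, documentation address ranges).
SAMPLE_TXT = {
    "example.com": [
        "site-verification=constructed-value",
        "v=spf1 ip4:192.0.2.10 include:_spf.mail.example.net include:_spf.crm.example.org ~all",
    ],
    "_spf.mail.example.net": ["v=spf1 include:_netblocks.mail.example.net ~all"],
    "_netblocks.mail.example.net": ["v=spf1 ip4:198.51.100.0/24 ip6:2001:db8:100::/48 ~all"],
    # Constructed misconfiguration: this record includes the starting domain again.
    "_spf.crm.example.org": ["v=spf1 ip4:203.0.113.0/25 include:example.com -all"],
}
# RFC 7208 allows at most 10 DNS-querying terms per check; only include: is counted here.
MAX_INCLUDES = 10


def sample_lookup(domain):
    """Stand-in for 'nslookup -q=TXT <domain>': return the TXT strings for a name."""
    return SAMPLE_TXT.get(domain, [])


def expand_spf(domain, lookup, queried=None, networks=None):
    """Follow include: terms from domain; return (networks, names queried in order)."""
    queried = [] if queried is None else queried
    networks = [] if networks is None else networks
    domain = domain.lower().rstrip(".")
    if domain in queried:  # include loop or repeated reference: do not query again
        return networks, queried
    if len(queried) > MAX_INCLUDES:  # starting domain plus 10 includes already used
        raise ValueError(f"more than {MAX_INCLUDES} includes while expanding {queried[0]}")
    queried.append(domain)
    for txt in lookup(domain):
        terms = txt.split()
        if not terms or terms[0].lower() != "v=spf1":
            continue  # unrelated TXT record
        for term in terms[1:]:
            name, _, value = term.lstrip("+-~?").partition(":")
            if name.lower() in ("ip4", "ip6"):
                networks.append(ipaddress.ip_network(value, strict=False))
            elif name.lower() == "include":
                expand_spf(value, lookup, queried, networks)
    return networks, queried


if __name__ == "__main__":
    nets, names = expand_spf("example.com", sample_lookup)
    print("queried:", ", ".join(names))
    print("networks:", ", ".join(str(n) for n in nets))
```

Terms other than ip4, ip6 and include (such as a, mx or redirect=) are ignored by this example, so a record that relies on them still needs those names resolved separately.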