This is a work in progress, and not quite ready for primetime
McAfee Site Advisor: Ticketing service to fixed McAfee content blocking
ReturnPath Block List Lookup: IP Address blacklist
ReturnPath Sender Score: IP Address Reputation Score
Talos Reputation: IP and Domain Reputation
Email Authentication Tools
BIMI & Other
An SPF record is a DNS record that has to be added to the DNS zone of your domain. In this SPF record you can specify which IP addresses and/or hostnames are authorized to send email from the specific domain.
The mail receiver will use the “envelope from” address of the mail (mostly the Return-Path header) to confirm that the sending IP address was allowed to do so. This will happen before receiving the body of the message. When the sending email server isn’t included in the SPF record from a specific domain the email from this server will be marked as suspicious and can be rejected by the email receiver.
What SPF doesn’t do
SPF is a great technique to add authentication to your emails. However it has some limitations which you need to be aware of.
SPF does not validate the “From” header. This header is shown in most clients as the actual sender of the message. SPF does not validate the “header from”, but uses the “envelope from” to determine the sending domain
SPF will break when an email is forwarded. At this point the ‘forwarder’ becomes the new ‘sender’ of the message and will fail the SPF checks performed by the new destination.
SPF lacks reporting which makes it harder to maintain
Key technical points
SPF record should not cause more than 10 DNS calls, including "includes", "mx" and "a" records
You can directly insert IP address to reduce the number of look-ups
Each SPF record cannot exceed 512 bytes, which is approximately 460 characters taking into account overhead (478 less the length of the record's hostname to be more exact.) In addition, each record can contain 2 text strings, each no longer than 255 characters.
You only need to set an "all" flag on the primary SPF record.