The Problem
I'm writing a small tool to help make it easier for myself to quickly assess the validity of an email by inspecting its headers. The tool isn't for customer use or public release, its just meant for my own use.
Every now and then I'll be given a suspicious email to look into, and one of the things I would like to do is check to make sure that the mailserver where the email originated from is listed in the supposed sender's SPF records.
Some of the emails will have a different email in the "From" header than the "Return-Path" header, or will originate from an unknown mailserver. Occasionally an email will have two email addresses in the "From" header, (such as From: "Jane Doe ([email protected])" <[email protected]>), and I'd like to check that the originating mailserver is included in the SPF records for both the "abc.com" and "xyz.com" domains.
The Question
- Are there any libraries or APIs which would allow me to check a mailserver's IP address against a sending domain's SPF records automatically, or should I simply recurse through each layer of the SPF records and build a list of all approved mailserver IP addresses, then check the IP address of the sending mailserver against that list, or is there some subtletly that I am missing?
What I've Looked Into So Far
I like to think that I've had a somewhat good look around for something which does this already, but I was unable to find anything that suited my needs. The topic can be a little difficult to search for, as generally any search results are flooded with either people asking about how to set up SPF records, or how to check that their SPF record is correct, and not people looking to validate a mailserver against a sending domain.
I'm using C# to write the tool, so anything C#/WinForms/NuGet would be ideal, but is not necessary.
I've started down the path of manually looking up the DNS records for a domain by using The ARSoft.Tools.Net project, but quickly decided that it might not be the best way to approach the problem, as I'd potentially need to recurse through multiple layers of DNS records, (say for example if the record had an "include" domain), and handle edge cases, etc.