# SPF # Inspect ## Inspect SPF Record `client.EmailAuth.SPF.Inspect.Get(ctx, params) (*SPFInspectGetResponse, error)` **get** `/zones/{zone_id}/email/auth/spf/inspect` Inspects a specific SPF TXT record and returns a parsed tree structure in the spflimit-worker format. The record ID must be provided via the `id` query parameter. Returns a recursive tree showing: - Parsed components with their qualifiers and types - Nested includes recursively resolved within components - Per-component and total lookup counts - Detailed error information with context ### Parameters - `params SPFInspectGetParams` - `ZoneID param.Field[string]` Path param: Identifier. - `ID param.Field[string]` Query param: DNS record ID (rec_tag) to inspect ### Returns - `type SPFInspectGetResponse struct{…}` Recursive SPF inspection tree - `Components []unknown` Parsed SPF components (mechanisms) - `Domain string` Domain being inspected - `Record string` Raw SPF record content - `TotalLookups int64` Total number of DNS lookups performed across all includes - `Errors []SPFInspectGetResponseError` All errors encountered during inspection, collected from the entire tree. This includes errors from nested includes at any depth, providing a quick overview of all issues without needing to traverse the nested structure. Each error includes a `domain` field to identify where it occurred. Empty array if no errors (omitted from JSON when empty). - `Code string` Error code. Known values: - `lookup_failed` — DNS TXT lookup failed - `spf_not_found` — no SPF record found - `invalid_spf` — record does not start with `v=spf1` - `invalid_domain` — PSL validation failed - `loop_detected` — include/redirect cycle detected - `invalid_mechanism` — unrecognised or malformed mechanism - `resource_limit_exceeded` — internal resource protection limits exceeded (recursion depth or query budget) - `max_lookups` — RFC 7208 10-lookup limit exceeded - `Domain string` Domain where the error occurred - `Message string` Human-readable error message - `Details string` Additional error-specific details (optional). - For `invalid_domain` errors: the invalid domain string - For `invalid_mechanism` errors: the invalid mechanism text (e.g., "invalidmech123") - For `loop_detected` errors: the domain that caused the loop - For other error types: not present ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_auth" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) inspect, err := client.EmailAuth.SPF.Inspect.Get(context.TODO(), email_auth.SPFInspectGetParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), ID: cloudflare.F("id"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", inspect.Components) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "components": [ {} ], "domain": "example.com", "record": "v=spf1 ip4:203.0.113.1 include:spf.example.com -all", "total_lookups": 2, "errors": [ { "code": "max_lookups", "domain": "example.com", "message": "RFC 7208 10-lookup limit exceeded", "details": "invalid" } ] } } ```