Skip to content
Cloudflare API
Start here
API Reference
Email Auth
SPF
Inspect

Inspect SPF Record

client.emailAuth.spf.inspect.get(InspectGetParams { zone_id, id } params, RequestOptionsoptions?): InspectGetResponse { components, domain, record, 2 more }
GET/zones/{zone_id}/email/auth/spf/inspect

Inspects a specific SPF TXT record and returns a parsed tree structure in the spflimit-worker format.

The record ID must be provided via the id query parameter.

Returns a recursive tree showing:

  • Parsed components with their qualifiers and types
  • Nested includes recursively resolved within components
  • Per-component and total lookup counts
  • Detailed error information with context
Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
ParametersExpand Collapse
params: InspectGetParams { zone_id, id }
zone_id: string

Path param: Identifier.

maxLength32
id: string

Query param: DNS record ID (rec_tag) to inspect

ReturnsExpand Collapse
InspectGetResponse { components, domain, record, 2 more }

Recursive SPF inspection tree

components: Array<unknown>

Parsed SPF components (mechanisms)

domain: string

Domain being inspected

record: string

Raw SPF record content

total_lookups: number

Total number of DNS lookups performed across all includes

errors?: Array<Error>

All errors encountered during inspection, collected from the entire tree. This includes errors from nested includes at any depth, providing a quick overview of all issues without needing to traverse the nested structure. Each error includes a domain field to identify where it occurred. Empty array if no errors (omitted from JSON when empty).

code: string

Error code. Known values:

  • lookup_failed — DNS TXT lookup failed
  • spf_not_found — no SPF record found
  • invalid_spf — record does not start with v=spf1
  • invalid_domain — PSL validation failed
  • loop_detected — include/redirect cycle detected
  • invalid_mechanism — unrecognised or malformed mechanism
  • resource_limit_exceeded — internal resource protection limits exceeded (recursion depth or query budget)
  • max_lookups — RFC 7208 10-lookup limit exceeded
domain: string

Domain where the error occurred

message: string

Human-readable error message

details?: string

Additional error-specific details (optional).

  • For invalid_domain errors: the invalid domain string
  • For invalid_mechanism errors: the invalid mechanism text (e.g., “invalidmech123”)
  • For loop_detected errors: the domain that caused the loop
  • For other error types: not present

Inspect SPF Record

import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const inspect = await client.emailAuth.spf.inspect.get({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
  id: 'id',
});

console.log(inspect.components);
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "components": [
      {}
    ],
    "domain": "example.com",
    "record": "v=spf1 ip4:203.0.113.1 include:spf.example.com -all",
    "total_lookups": 2,
    "errors": [
      {
        "code": "max_lookups",
        "domain": "example.com",
        "message": "RFC 7208 10-lookup limit exceeded",
        "details": "invalid"
      }
    ]
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "components": [
      {}
    ],
    "domain": "example.com",
    "record": "v=spf1 ip4:203.0.113.1 include:spf.example.com -all",
    "total_lookups": 2,
    "errors": [
      {
        "code": "max_lookups",
        "domain": "example.com",
        "message": "RFC 7208 10-lookup limit exceeded",
        "details": "invalid"
      }
    ]
  }
}