This document describes how to use dig/nslookup to find SPF, DKIM, and DMARC records for a domain on Email Security Appliance (ESA) and Cloud Email Security (CES).
Both the nslookup and dig commands are supported on current ESA/CES AsyncOS releases. These commands can be executed through SSH/CLI access to the appliance.
Cisco recommends that you have knowledge of these topics:
ESA running AsyncOS 10.0 or higher.
Administrative access to the appliance.
The information in this document is based on all supported ESA hardware models and virtual appliances running AsyncOS 10.0 or higher.
In order to verify version information of the appliance from the CLI, enter the version command. In the GUI, navigate to Monitor > System Status.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any commands.
The sample outputs provided are for the domains cisco.com and gmail.com; similar commands can be used for other domains as well.
SPF lookups can be performed using these formats:
nslookup domain txt
dig domain txt
Note: Substitute the word domain with the corresponding domain you would like to look up.
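A TXT answer often carries several unrelated records, and a long SPF record can be split into multiple quoted strings. The following Python code is an added example, not part of the original Cisco document, that picks the SPF record out of saved dig domain txt output. The domain example.com, all record values, and the function names are constructed for illustration, and the standard dig answer-section layout is assumed.

```python
import re

# Constructed sample: ANSWER section in the layout printed by "dig example.com txt".
# example.com and every record value below are made up for illustration.
SAMPLE_DIG_ANSWER = '''\
;; ANSWER SECTION:
example.com.  3600 IN TXT "site-verification=constructed-token-1"
example.com.  3600 IN TXT "v=spf1 ip4:192.0.2.0/24 include:_spf.exam" "ple.net -all"
example.com.  3600 IN TXT "v=spf10 not-an-spf-record"
example.com.  3600 IN TXT "another-vendor=constructed-token-2"
'''

TXT_LINE = re.compile(r'^(\S+)\s+\d+\s+IN\s+TXT\s+(.*)$', re.IGNORECASE)
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')  # escapes are kept as dig printed them


def txt_records(dig_output):
    """Return TXT values; multi-string records are joined with no separator."""
    records = []
    for line in dig_output.splitlines():
        if line.startswith(';'):          # dig comment and section header lines
            continue
        m = TXT_LINE.match(line.strip())
        if not m:
            continue
        records.append(''.join(QUOTED.findall(m.group(2))))
    return records


def spf_records(dig_output):
    """Keep records whose version tag is exactly v=spf1 (RFC 7208, section 4.5)."""
    found = []
    for value in txt_records(dig_output):
        lowered = value.lower()
        if lowered == 'v=spf1' or lowered.startswith('v=spf1 '):
            found.append(value)
    return found


def spf_status(dig_output):
    """'none', 'ok', or 'permerror' (more than one SPF record is an error)."""
    count = len(spf_records(dig_output))
    return 'none' if count == 0 else 'ok' if count == 1 else 'permerror'
```

A result of permerror from spf_status means the domain publishes more than one v=spf1 record, which receivers treat as a permanent SPF error.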
For domains with multiple TXT records published, nslookup may fail to list SPF records. In such instances, dig should be used instead.
This is shown in the example outputs here for cisco.com.