This tool will not be used for spamming purposes, but for phishing education. I'll check Spam Assassin out. EDIT: SPF aims to prevent email forgery, but If the domain name in the sender address is bogus or controlled the sender, the SPF test will not be of any use. So if I use something like @secure.mycompany which does not have an SPF record, the check is skipped