diff --git a/dns/spoofable-spf-records-ptr.yaml b/dns/spoofable-spf-records-ptr.yaml
new file mode 100644
index 0000000000..0ff2a16226
--- /dev/null
+++ b/dns/spoofable-spf-records-ptr.yaml
@@ -0,0 +1,25 @@
+id: spoofable-spf-records-ptr
+
+info:
+ name: Find spoofable SPF records containing the PTR mechanism
+ author: binaryfigments
+ severity: info
+ description: Check if TXT records in DNS for SPF records that have the PTR mechanism that is spoofable.
+
+ # The PTR mechanism in an SPF records is spoofable. A bad actor can create a VPS with a mailserver and
+ # give it any PTR record that it wants an most VPS providers.
+
+dns:
+ - name: "{{FQDN}}"
+ type: TXT
+ class: inet
+ recursion: true
+ retries: 3
+ matchers:
+ - type: word
+ words:
+ # Must contain SPF record
+ - "v=spf1"
+ # and must contain PTR option
+ - " ptr "
+ condition: and
\ No newline at end of file
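Review bot: The `" ptr "` word under `matchers` only fires when the mechanism is bare, lower-case and has a space on both sides, so a record that publishes `ptr:example.com`, a qualified form such as `?ptr` or `~ptr`, upper-case `PTR`, or `ptr` as the last term before the closing quote is not reported. Because the two words are joined with `condition: and` over the whole response, they can also be satisfied by two different TXT records on the same name. A single per-line regex would cover both cases, something like `- type: regex` with `regex: ['(?i)v=spf1 .*[ +?~-]ptr([: "]|$)']`; the exact trailing characters should be checked against how the DNS response is rendered to the matcher. Separately, the `description` and the comment below it would read better as "Checks whether the domain's SPF TXT record uses the PTR mechanism, which can be spoofed" and "at most VPS providers", and a note that RFC 7208 says this mechanism should not be published would give the finding a remediation pointer.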