diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5360933..9a519f2 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -14,28 +14,10 @@ jobs:
   #   uses: haraka/.github/.github/workflows/coverage.yml@master
   #   secrets: inherit
 
-  test:
-    needs: [ lint, get-lts ]
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [ ubuntu-latest, windows-latest ]
-        node-version: ${{ fromJson(needs.get-lts.outputs.active) }}
-      fail-fast: false
-    steps:
-    - uses: actions/checkout@v3
-    - uses: actions/setup-node@v3
-      name: Node ${{ matrix.node-version }} on ${{ matrix.os }}
-      with:
-        node-version: ${{ matrix.node-version }}
-    - run: npm install
-    - run: npm test
+  ubuntu:
+    needs: [ lint ]
+    uses: haraka/.github/.github/workflows/ubuntu.yml@master
 
-  get-lts:
-    runs-on: ubuntu-latest
-    steps:
-      - id: get
-        uses: msimerson/node-lts-versions@v1
-    outputs:
-      active: ${{ steps.get.outputs.active }}
-      lts: ${{ steps.get.outputs.lts }}
+  windows:
+    needs: [ lint ]
+    uses: haraka/.github/.github/workflows/windows.yml@master
\ No newline at end of file
diff --git a/.release b/.release
index 20e8e5d..0890e94 160000
--- a/.release
+++ b/.release
@@ -1 +1 @@
-Subproject commit 20e8e5dbcf634c2f568d973966be42c4504db480
+Subproject commit 0890e945e4e061c96c7b2ab45017525904c17728
diff --git a/Changes.md b/Changes.md
index f47d518..e7bd1e6 100644
--- a/Changes.md
+++ b/Changes.md
@@ -2,6 +2,12 @@
 ### Unreleased
 
 
+### [1.2.4] - 2024-02-07
+
+- doc(README): add ini code fences, improve docs
+- dep(net-utils): bumped 1.5.0 -> 1.5.3
+
+
 ### [1.2.3] - 2023-07-14
 
 - fix: Handle DNS TXT array result (#15)
@@ -65,3 +71,4 @@
 [1.2.1]: https://github.com/haraka/haraka-plugin-spf/releases/tag/1.2.1
 [1.3.0]: https://github.com/haraka/haraka-plugin-spf/releases/tag/1.3.0
 [1.2.3]: https://github.com/haraka/haraka-plugin-spf/releases/tag/1.2.3
+[1.2.4]: https://github.com/haraka/haraka-plugin-spf/releases/tag/1.2.4
diff --git a/README.md b/README.md
index f7f9a03..a894e41 100644
--- a/README.md
+++ b/README.md
@@ -13,14 +13,18 @@ To make it reject mail then you will need to enable the relevant options below.
 of SPF but you will need to whitelist any hosts forwarding mail from another
 domain whilst preserving the original return-path.
 
-Configuration
+## Configuration
+
 -------------
 
 This plugin uses spf.ini for configuration and the following options are
 available:
 
-    [relay]
-    context=sender   (default: sender)
+
+```ini
+[relay]
+context=sender   (default: sender)
+```
 
 On connections with relaying privileges (MSA or mail relay), it is often
 desirable to evaluate SPF from the context of Haraka's public IP(s), in the
@@ -35,24 +39,28 @@ denying mail from senders whose SPF fails the checks.
 
 Additional settings allow you to control the small things (defaults are shown):
 
-    ; The lookup timeout, in seconds. Better set it to something much lower than this.
-    lookup_timeout = 29
+```ini
+; The lookup timeout, in seconds. Better set it to something much lower than this.
+lookup_timeout = 29
 
-    ; bypass hosts that match these conditions
-    [skip]
-    ; hosts that relay through us
-    relaying = false
-    ; hosts that are SMTP AUTH'ed
-    auth = false
+; bypass hosts that match these conditions
+[skip]
+; hosts that relay through us
+relaying = false
+; hosts that are SMTP AUTH'ed
+auth = false
+```
 
 There's a special setting that would allow the plugin to emit a funny explanation text on SPF DENY, essentially meant to be visible to end-users that will receive the bounce. The text is `http://www.openspf.org/Why?s=${scope}&id=${sender_id}&ip=${connection.remote.ip}` and is enabled by:
 
-    [deny]
-    openspf_text = true
-    
-    ; in case you DENY on failing SPF on hosts that are relaying (but why?)
-    [deny_relay]
-    openspf_text = true
+```ini
+[deny]
+openspf_text = true
+
+; in case you DENY on failing SPF on hosts that are relaying (but why?)
+[deny_relay]
+openspf_text = true
+```
 
 ### Things to Know
 
@@ -78,40 +86,59 @@ There's a special setting that would allow the plugin to emit a funny explanatio
 
 * Heed well the implications of SPF, as described in [RFC 4408](http://tools.ietf.org/html/rfc4408#section-9.3)
 
-    [defer]
-    helo_temperror
-    mfrom_temperror
-
-    [deny]
-    helo_none
-    helo_softfail
-    helo_fail
-    helo_permerror
-
-    mfrom_none
-    mfrom_softfail
-    mfrom_fail
-    mfrom_permerror
-    
-    openspf_text
-
-    ; SPF settings used when connection.relaying=true
-    [defer_relay]
-    helo_temperror
-    mfrom_temperror
-
-    [deny_relay]
-    helo_none
-    helo_softfail
-    helo_fail
-    helo_permerror
-
-    mfrom_none
-    mfrom_softfail
-    mfrom_fail
-    mfrom_permerror
-    
-    openspf_text
+### spf.ini default settings
+
+```ini
+lookup_timeout = 29
+
+
+[relay]
+context=sender
+
+
+[skip]
+relaying=false
+auth=false
+
+
+[defer]
+helo_temperror=false
+mfrom_temperror=false
+
+
+[deny]
+helo_none=false
+helo_softfail=false
+helo_fail=false
+helo_permerror=false
+
+mfrom_none=false
+mfrom_softfail=false
+mfrom_fail=false
+mfrom_permerror=false
+
+openspf_text=false
+
+
+; SPF settings used when connection.relaying=true
+[defer_relay]
+helo_temperror=false
+mfrom_temperror=false
+
+
+[deny_relay]
+helo_none=false
+helo_softfail=false
+helo_fail=false
+helo_permerror=false
+
+mfrom_none=false
+mfrom_softfail=false
+mfrom_fail=false
+mfrom_permerror=false
+
+openspf_text=false
+```
 
 
 Testing
@@ -121,17 +148,17 @@ This plugin also provides a command-line test tool that can be used to debug SPF
 
 To check the SPF record for a domain:
 
-````
+```sh
 # spf --ip 1.2.3.4 --domain fsl.com
 ip=1.2.3.4 helo="" domain="fsl.com" result=Fail
-````
+```
 
 To check the SPF record for a HELO/EHLO name:
 
-````
+```sh
 # spf --ip 1.2.3.4 --helo foo.bar.com
 ip=1.2.3.4 helo="foo.bar.com" domain="" result=None
-````
+```
 
 You can add `--debug` to the option arguments to see a full trace of the SPF processing.
 
diff --git a/package.json b/package.json
index 278788d..1d2f58b 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "haraka-plugin-spf",
-  "version": "1.2.3",
+  "version": "1.2.4",
   "description": "Sender Policy Framework (SPF) plugin for Haraka",
   "main": "index.js",
   "scripts": {
@@ -24,19 +24,19 @@
     "url": "https://github.com/haraka/haraka-plugin-spf/issues"
   },
   "homepage": "https://github.com/haraka/haraka-plugin-spf#readme",
-  "devDependencies": {
-    "eslint": "^8.42.0",
-    "eslint-plugin-haraka": "*",
-    "haraka-test-fixtures": "^1.3.0",
-    "mocha": "^9.2.2"
-  },
   "bin": {
     "spf": "./bin/spf"
   },
   "dependencies": {
     "haraka-dsn": "^1.0.4",
-    "haraka-net-utils": "^1.5.0",
+    "haraka-net-utils": "^1.5.3",
     "ipaddr.js": "^2.1.0",
     "nopt": "^7.2.0"
+  },
+  "devDependencies": {
+    "eslint": "^8.56.0",
+    "eslint-plugin-haraka": "*",
+    "haraka-test-fixtures": "^1.3.3",
+    "mocha": "^10.2.0"
   }
 }