Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

vaidating an spf record #33

Open
greggles opened this issue Oct 11, 2021 · 2 comments
Open

vaidating an spf record #33

greggles opened this issue Oct 11, 2021 · 2 comments

Comments

@greggles
Copy link

Hi,

I'd like to use this tool to validate an spf record. It's not really clear to me the best and easiest way to do this. It seems like a useful feature to support easily and perhaps document in the README.md.

I did look at the Kitterman code which seems to validate spf records, but didn't quite figure out their invocation yet.

@sdgathman
Copy link
Owner

"Validating" is kind of a hack. You pass an ip that doesn't match anything, making everything get parsed. I'm not sure what Kitterman does, but you can pass the undocumented (should document) special value 'list' or 'list6' for the ip. This will not match any mechanism, and in addition tries to build a set of ips that would match and get Pass. This is very incomplete, and impossible in general. But it does make every mechanism get parsed, which "validates" the policy.

It SHOULD be possible to know when the list of matching ips is complete. The libspf C library does this, and can "compile" policies for ultra fast subsequent evaluations. It caches the ipset for any policy that can be completely represented by a set. E.g. "v=spf1 a:1.2.3.0/24 -all" Also, there should be an ipset for each result, not just Pass.

@sdgathman
Copy link
Owner

It would be less hacky to just have a "validate" method that parses all mechanisms without otherwise evaluating them.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants