You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'd like to use this tool to validate an spf record. It's not really clear to me the best and easiest way to do this. It seems like a useful feature to support easily and perhaps document in the README.md.
I did look at the Kitterman code which seems to validate spf records, but didn't quite figure out their invocation yet.
The text was updated successfully, but these errors were encountered:
"Validating" is kind of a hack. You pass an ip that doesn't match anything, making everything get parsed. I'm not sure what Kitterman does, but you can pass the undocumented (should document) special value 'list' or 'list6' for the ip. This will not match any mechanism, and in addition tries to build a set of ips that would match and get Pass. This is very incomplete, and impossible in general. But it does make every mechanism get parsed, which "validates" the policy.
It SHOULD be possible to know when the list of matching ips is complete. The libspf C library does this, and can "compile" policies for ultra fast subsequent evaluations. It caches the ipset for any policy that can be completely represented by a set. E.g. "v=spf1 a:1.2.3.0/24 -all" Also, there should be an ipset for each result, not just Pass.
Hi,
I'd like to use this tool to validate an spf record. It's not really clear to me the best and easiest way to do this. It seems like a useful feature to support easily and perhaps document in the README.md.
I did look at the Kitterman code which seems to validate spf records, but didn't quite figure out their invocation yet.
The text was updated successfully, but these errors were encountered: