Difference between revisions of "SPF/term"

(saving work and renaming page to depluralize)
 
m (Woozle moved page SPF/mechanisms to SPF/mechanism without leaving a redirect)

Revision as of 15:36, 18 August 2022

SPF mechanisms

About

Mechanisms used by SPF are defined in RFC 7208 Section 5. We'll refer to {the domain to which a DNS record refers} as the <host domain> (although the RFC refers to it as <target-name>).

Mechanisms are separated by spaces.

Commonly-used terms (are these defined in modifiers?):

  • <dual-cidr-length>: I don't yet know what this means.
  • <domain-spec> defaults to <host domain>.
| code | format | meaning |
|---|---|---|
| Basic: | | |
| all | all | a test that always matches; place as last mechanism in a record to provide an explicit default |
| include | include:<domain-spec> | utility is unclear; includes evaluation of the given domain, but not in a clean way |
| Designated sender: | | |
| a | a[:<domain-spec>] [ <dual-cidr-length> ] | matches if <domain-spec> points to one of the <host domain>'s IP addresses |
| mx | mx[:<domain-spec>] [ <dual-cidr-length> ] | does an MX lookup on the <host domain>, then does an address lookup on each MX name returned... It's not yet clear what the pass/fail criteria are. Multiple MX mechanisms may be listed. |
| ptr | | (do not use[1]) |
| ip4, ip6 | ipN[:<ipN-network>] [ <ipN-cidr-length> ] | |
| exists | | |

Footnote

  1. From the RFC (formatting added for clarity): «This mechanism is slow, it is not as reliable as other mechanisms in cases of DNS errors, and it places a large burden on the .arpa name servers. If used, proper PTR records have to be in place for the domain's hosts and the "ptr" mechanism SHOULD be one of the last mechanisms checked. After many years of SPF deployment experience, it has been concluded that it is unnecessary and more reliable alternatives should be used instead. It is, however, still in use as part of the SPF protocol, so compliant check_host() implementations MUST support it.»
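
An added example, not part of the original page or of any SPF library: a small parser for the mechanism syntax in the table above, following the RFC 7208 grammar in which <dual-cidr-length> is an optional "/<IPv4 prefix bits>" followed by an optional "//<IPv6 prefix bits>". The record, the example.org names and the function names are constructed for illustration, and addresses for a/mx terms are passed in rather than resolved through DNS.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

# dual-cidr-length per RFC 7208: optional "/<ip4 bits>" then optional "//<ip6 bits>"
DUAL_CIDR = re.compile(r"(?:/(\d{1,2}))?(?://(\d{1,3}))?$")
MODIFIER = re.compile(r"[A-Za-z][A-Za-z0-9._-]*=")  # e.g. v=spf1, redirect=...

class Term(NamedTuple):
    qualifier: str          # "+", "-", "~" or "?"; "+" when omitted
    name: str               # mechanism code, lower-cased
    value: Optional[str]    # domain-spec or IP network
    cidr4: int              # prefix bits compared for IPv4 (32 = exact match)
    cidr6: int              # prefix bits compared for IPv6 (128 = exact match)

def parse_term(term: str, host_domain: str) -> Term:
    qualifier = term[0] if term[0] in "+-~?" else "+"
    body = term[1:] if term[0] in "+-~?" else term
    name = re.match(r"[A-Za-z0-9]+", body).group(0)
    rest = body[len(name):]
    name = name.lower()
    if name in ("ip4", "ip6"):          # the prefix belongs to the network itself
        return Term(qualifier, name, rest.lstrip(":"), 32, 128)
    cidr = DUAL_CIDR.search(rest)       # always matches, possibly empty at the end
    # <domain-spec> defaults to the host domain; "all" takes no argument
    default = None if name == "all" else host_domain
    value = rest[:cidr.start()].lstrip(":") or default
    return Term(qualifier, name, value, int(cidr.group(1) or 32), int(cidr.group(2) or 128))

def parse_record(record: str, host_domain: str) -> list:
    # Mechanisms are separated by spaces; modifiers (name=value) are skipped.
    return [parse_term(t, host_domain) for t in record.split() if not MODIFIER.match(t)]

def address_matches(term: Term, sender_ip: str, candidate: Optional[str] = None) -> bool:
    """True if sender_ip matches, comparing only the prefix bits the term allows.
    candidate is an address already resolved for an a/mx term (no DNS is done here)."""
    sender = ipaddress.ip_address(sender_ip)
    if term.name in ("ip4", "ip6"):
        return sender in ipaddress.ip_network(term.value, strict=False)
    resolved = ipaddress.ip_address(candidate)
    if sender.version != resolved.version:
        return False
    bits = term.cidr4 if sender.version == 4 else term.cidr6
    return sender in ipaddress.ip_network(f"{resolved}/{bits}", strict=False)

# Constructed sample record for the reserved documentation domain example.org
SAMPLE = "v=spf1 ip4:192.0.2.0/24 a:mail.example.org/28//64 mx -all"
TERMS = parse_record(SAMPLE, "example.org")
```

With the sample record, the `a` term carries both prefix lengths, so an IPv4 sender is compared on 28 bits and an IPv6 sender on 64 bits against each resolved address.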