2022-08-30 18:25:43 -04:00
# spf -- expand and report on a given domain's SPF policy

The syntax for the Sender Policy Framework (SPF)
definition via a DNS TXT record is complex, and
expanding and inspecting the final ruleset may
require multiple DNS lookups.

The `spf` utility can be used to easily expand a
domain's policy and report on its definition from the
command-line.

For a longer discussion of SPF, please see this blog
post:
https://www.netmeister.org/blog/spf.html

Requirements
============

`spf(1)` is written in Perl, and you will need
the following modules installed:

* JSON
* Net::DNS
* Net::Netmask

On Debian and related systems, you may be able to
install these dependencies with:

`sudo apt install libjson-perl libnet-dns-perl libnet-netmask-perl`

Installation
============

To install the command and manual page somewhere
convenient, run `make install`; the Makefile defaults
to '/usr/local' but you can change the PREFIX:

```
$ make PREFIX=~ install
```

Documentation
=============

Please see the manual page for all details:

```
NAME
     spf - report on the given domain's use of SPF

SYNOPSIS
     spf [-Vhjv] [-r address] domain

DESCRIPTION
     The spf tool allows you to inspect the Sender Policy Framework DNS records
     for the given domain.

OPTIONS
     The following options are supported by spf:

     -V          Print version information and exit.

     -h          Display help and exit.

     -j          Generate output in json format.

     -r address  Explicitly query this resolver.

     -v          Be verbose.  Can be specified multiple times.

DETAILS
     The Sender Policy Framework (SPF) defined in RFC7208 specifies the format
     for the SPF DNS entries a domain may choose to apply.  These entries can
     range from the straightforward to the complex, harboring certain surprises
     or unintentionally obscuring important information, such as when one domain
     includes the SPF records of another domain.

     spf can be used to report on the comprehensive ruleset derived from the DNS
     record.  It does that by counting CIDRs, resolving e.g., MX records, and
     recursively looking up SPF records of any included domains.

EXAMPLES
     The following examples illustrate common usage of this tool.

     To report on the SPF records for the domain netmeister.org:

           spf netmeister.org

     To query Quad9's public resolver for the same SPF records and report the
     results in json format:

           spf -r 2620:fe::fe -j netmeister.org

EXIT STATUS
     The spf utility exits 0 on success, and >0 if an error occurs.

SEE ALSO
     dig(1)

HISTORY
     spf was originally written by Jan Schaumann <jschauma@netmeister.org> in
     July 2022.

BUGS
     Please file bugs and feature requests by emailing the author.
```
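
The expansion described under DETAILS (counting CIDRs and recursively following included domains) can be sketched as follows. This is an added example, not the `spf` tool's own code: the zone contents, `expand` and `summarize` are hypothetical, DNS is replaced by a constructed in-memory table, `a`/`mx` targets and macros are not resolved, and the lookup counter goes beyond the text by applying the RFC 7208 limit of 10 DNS-querying terms.

```python
import ipaddress

# Constructed sample TXT records (documentation ranges, not real DNS data).
ZONE = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 mx include:_spf.mail.example -all",
    "_spf.mail.example": "v=spf1 ip4:198.51.100.0/25 ip6:2001:db8::/64 "
                         "include:_spf2.mail.example ~all",
    "_spf2.mail.example": "v=spf1 ip4:203.0.113.7 ?all",
}

# RFC 7208 terms that each trigger a DNS query when the policy is evaluated.
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")


def expand(domain, zone=ZONE, path=()):
    """Recursively expand a domain's SPF policy into one flat report."""
    report = {"cidrs": [], "lookups": 0, "includes": [], "errors": []}
    if domain in path:  # include loop: record it and stop descending
        report["errors"].append("loop at " + domain)
        return report
    record = zone.get(domain, "")
    if record.lower().split()[:1] != ["v=spf1"]:
        report["errors"].append("no SPF record for " + domain)
        return report
    for term in record.split()[1:]:
        term = term.lstrip("+-~?")  # the qualifier does not change expansion
        name, _, arg = term.replace("=", ":", 1).partition(":")
        name = name.lower().split("/")[0]  # "mx/24" is still an mx lookup
        if name in ("ip4", "ip6"):
            report["cidrs"].append(ipaddress.ip_network(arg, strict=False))
        if name in LOOKUP_TERMS:
            report["lookups"] += 1
        if name in ("include", "redirect"):
            report["includes"].append(arg)
            child = expand(arg, zone, path + (domain,))
            for key in report:
                report[key] += child[key]
    return report


def summarize(domain, zone=ZONE):
    r = expand(domain, zone)
    ip4 = sum(n.num_addresses for n in r["cidrs"] if n.version == 4)
    return {"cidrs": len(r["cidrs"]), "ip4_addresses": ip4,
            "lookups": r["lookups"], "over_limit": r["lookups"] > 10,
            "includes": r["includes"], "errors": r["errors"]}


if __name__ == "__main__":
    print(summarize("example.com"))
```

The flattened view makes visible what a single TXT record hides: the total authorized address space and how close the policy is to the lookup limit once every include is followed.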