Re: [spfbis] SPF-checking tool
"Frank Bulk" <frnkblk@iname.com> Fri, 28 February 2020 05:50 UTC
Return-Path: <frnkblk@iname.com>
X-Original-To: spfbis@ietfa.amsl.com
Delivered-To: spfbis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B8B13A1087 for <spfbis@ietfa.amsl.com>; Thu, 27 Feb 2020 21:50:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.397
X-Spam-Level:
X-Spam-Status: No, score=-0.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, SPF_FAIL=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LzOHHqIld4nC for <spfbis@ietfa.amsl.com>; Thu, 27 Feb 2020 21:50:25 -0800 (PST)
Received: from premieronline.net (mail.premieronline.net [IPv6:2607:fe28:0:4000::10]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98DFA3A10C4 for <spfbis@ietf.org>; Thu, 27 Feb 2020 21:50:25 -0800 (PST)
X-Default-Received-SPF: pass (skip=forwardok (res=PASS)) x-ip-name=199.120.69.4; envelope-from=<frnkblk@iname.com>;
Received: from FBULKPC (unverified [199.120.69.4]) by premieronline.net (SurgeMail 7.4f) with ESMTP id 12578321-1729245 for multiple; Thu, 27 Feb 2020 23:50:23 -0600
From: Frank Bulk <frnkblk@iname.com>
To: 'Stuart D Gathman' <stuart@gathman.org>
Cc: spfbis@ietf.org, 'Scott Kitterman' <sklist@kitterman.com>
References: <000001d5ecb6$106efd90$314cf8b0$@iname.com> <alpine.LRH.2.21.2002270235340.2087@mail.gathman.org> <000001d5ed86$6e0b90f0$4a22b2d0$@iname.com> <alpine.LRH.2.21.2002271430460.5527@mail.gathman.org> <001601d5edf9$0e1e8b20$2a5ba160$@iname.com>
In-Reply-To: <001601d5edf9$0e1e8b20$2a5ba160$@iname.com>
Date: Thu, 27 Feb 2020 23:50:22 -0600
Message-ID: <001701d5edfa$f79bd6d0$e6d38470$@iname.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdXstTWAX0UO2VeETfGQ8rkT9QwrKgAvbOWAAAIkEGAAF5HuAAAHkjjwAACjwtA=
Content-Language: en-us
X-Originating-IP: 199.120.69.4
X-Vpipe: restarted=25 started /var/surgemail/scavs.pl (/var/surgemail/scavs.pl)
X-SpamDetect: : -3.4 sd=-3.4 0.02(X-SpamContent:clean) 0.04(X-myrbl:Color=white) 0.81(X-PhraseHits:verify) 0.74(Received:for multiple) [nnot=2, ng=2, nsum=0, nb=0, nw=2, -7.42]
X-SpamContent: Clean
X-LangGuess: English
X-MyRbl: Color=White (rbl) Age=0 Spam=0 Notspam=0 Stars=0 Good=31 Friend=0 Surbl=0 Catch=0 r=0 ip=199.120.69.4
X-IP-stats: Incoming Last 0, First 107, in=23650, out=0, spam=0 ip=199.120.69.4
Archived-At: <https://mailarchive.ietf.org/arch/msg/spfbis/TrkW2LKTwsUm2oY7YGM_EAj2pU8>
Subject: Re: [spfbis] SPF-checking tool
X-BeenThere: spfbis@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SPFbis discussion list <spfbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spfbis>, <mailto:spfbis-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spfbis/>
List-Post: <mailto:spfbis@ietf.org>
List-Help: <mailto:spfbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spfbis>, <mailto:spfbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Feb 2020 05:50:29 -0000
Sorry, that the output of my superscript -- please ignore. Frank -----Original Message----- From: spfbis <spfbis-bounces@ietf.org> On Behalf Of Frank Bulk Sent: Thursday, February 27, 2020 11:37 PM To: 'Stuart D Gathman' <stuart@gathman.org> Cc: spfbis@ietf.org; 'Scott Kitterman' <sklist@kitterman.com> Subject: Re: [spfbis] SPF-checking tool One more question: do I need to query these domains differently to get a clean result? boehringer-ingelheim.com: Unknown type: exists value %{i}._i.%{d}._d.espf.dmp.cisco.com genpt.com: Unknown type: exists value %{i}.spf.hc3618-75.iphmx.com good-sam.com: Unknown type: exists value %{i}.spf.good-sam.iphmx.com nationwide.com: Unknown type: exists value %{i}.spf.hc2638-63.iphmx.com ochealthsystem.org: Unknown type: exists value %{i}.spf.hc3620-0.iphmx.com sanfordhealth.org: Unknown type: exists value %{i}.spf.hc3620-0.iphmx.com Frank -----Original Message----- From: Stuart D Gathman <stuart@gathman.org> Sent: Thursday, February 27, 2020 1:53 PM To: Frank Bulk <frnkblk@iname.com> Cc: spfbis@ietf.org; 'Scott Kitterman' <sklist@kitterman.com> Subject: Re: [spfbis] SPF-checking tool On Thu, 27 Feb 2020, Frank Bulk wrote: > Perhaps I'm using an old version of that Python script, but here are some > examples. My best guess is that the python script stops as soon as it > passes the check, but doesn't evaluate the whole record. > > > deerequipment.com: Dmarcian notes "The target name for > "include:spf.protection.outlook.com" equals an already evaluated "include" > mechanism / "redirect" modifier." That is not an error. That is more of a "lint" feature. > visionnetusa.com: Dmarcian notes "Multiple SPF records found for > "visionnetusa.com". There should only be one." $ python spf.py visionnetusa.com PermError: Two or more type TXT spf records found. > ghekkonetworks.com: Dmarcian notes "Multiple SPF records found for > "ghekkonetworks.com". There should only be one." $ python spf.py ghekkonetworks.com PermError: Two or more type TXT spf records found. > > billtrust.com: Dmarcian notes " A DMARC record was detected under > "billtrust.com". DMARC records must be located at "_dmarc.billtrust.com", > and not directly at "billtrust.com". If DMARC was set up as a wildcard > record, that should be removed and placed only at the domain level." SPF doesn't do DMARC. > zayo.com: Dmarcian notes "12 DNS lookups required to evaluate the SPF > record. The maximum is 10." $ python spf.py 1.2.3.4 root@zayo.com zayo.com result: ('permerror', 550, 'SPF Permanent Error: Too many DNS lookups') None Granted, the description should include the count. Fixing now... > tivo.com: Dmarcian notes: > Error! 30 DNS lookups required to evaluate the SPF record. The > maximum is 10. > Error! SPF record is present, but invalid. > root@nagios:/usr/local/bin/spfcheck# /usr/bin/python spf.py "v=spf1 > include:_spf.tivo.com mx include:authsmtp.com include:stspg-customer.com > include:spf.protection.outlook.com include:aspmx.pardot.com > include:_spf.centercode.com ~all" 204.176.49.0 postmaster@tivo.com > mail.tivo.com > result: ('pass', 250, 'sender SPF authorized') include:_spf.tivo.com > root@nagios:/usr/local/bin/spfcheck# Here's one Dmarc missed in the horribly perverted tivo.com policy (the sheer size of the trace should make tivo immediately erase their policy and start over). $ python spf.py -v 1.2.3.4 root@tivo.com tivo.com result= ('tivo.com', 'TXT') ['RqJZ70Pn6J6AZTMjXGsp7DlGJ33V/G8i8mDWYfTLXWqRkvOqwFsSqQsX3QuDUNvjFaB9Tttla3 hcOixOuVcdQw=='] addcache= ('tivo.com', 'TXT') ['RqJZ70Pn6J6AZTMjXGsp7DlGJ33V/G8i8mDWYfTLXWqRkvOqwFsSqQsX3QuDUNvjFaB9Tttla3 hcOixOuVcdQw=='] result= ('tivo.com', 'TXT') ['status-page-domain-verification=fq5jzb9dvx37'] addcache= ('tivo.com', 'TXT') ['status-page-domain-verification=fq5jzb9dvx37'] result= ('tivo.com', 'TXT') ['v=spf1 include:_spf.tivo.com mx include:authsmtp.com include:stspg-customer.com include:spf.protection.outlook.com include:aspmx.pardot.com include:_spf.centercode.com ~all'] addcache= ('tivo.com', 'TXT') ['v=spf1 include:_spf.tivo.com mx include:authsmtp.com include:stspg-customer.com include:spf.protection.outlook.com include:aspmx.pardot.com include:_spf.centercode.com ~all'] result= ('tivo.com', 'TXT') ['MS=ms87319732'] addcache= ('tivo.com', 'TXT') ['MS=ms87319732'] result= ('tivo.com', 'TXT') ['pardot_43592_*=49af2b9098b2d30a71235cbf8a9855eb4846e62fcc95c9e47a8cdf9d5e5 842b7'] addcache= ('tivo.com', 'TXT') ['pardot_43592_*=49af2b9098b2d30a71235cbf8a9855eb4846e62fcc95c9e47a8cdf9d5e5 842b7'] result= ('tivo.com', 'TXT') ['onetrust-domain-verification=b96d88a367b2449c9b0f6062e3815b22'] addcache= ('tivo.com', 'TXT') ['onetrust-domain-verification=b96d88a367b2449c9b0f6062e3815b22'] result= ('tivo.com', 'TXT') ['0ed1fe018ac20dca8c20624109ac0610e88f36a065'] addcache= ('tivo.com', 'TXT') ['0ed1fe018ac20dca8c20624109ac0610e88f36a065'] result= ('tivo.com', 'TXT') ['e2cPMIx634wXtI6x2tFVmwNehpMoYRQ/Zt2xcek117k3drOPYN6uuCUDSC23Y9I4INWmUN4OF8 priX2RHbztUA=='] addcache= ('tivo.com', 'TXT') ['e2cPMIx634wXtI6x2tFVmwNehpMoYRQ/Zt2xcek117k3drOPYN6uuCUDSC23Y9I4INWmUN4OF8 priX2RHbztUA=='] result= ('tivo.com', 'TXT') ['pardot_43592_*=dfc113dde72c0a055d749915158b6234505740355598dd31d53be2f129a ac8a1'] addcache= ('tivo.com', 'TXT') ['pardot_43592_*=dfc113dde72c0a055d749915158b6234505740355598dd31d53be2f129a ac8a1'] top: tivo.com "v=spf1 include:_spf.tivo.com mx include:authsmtp.com include:stspg-customer.com include:spf.protection.outlook.com include:aspmx.pardot.com include:_spf.centercode.com ~all" result= ('_spf.tivo.com', 'TXT') ['v=spf1 include:_spf_netblocks1.tivo.com include:_spf_netblocks2.tivo.com include:_spf_netblocks3.tivo.com include:_spf.jobvite.com include:_spf.salesforce.com include:us._netblocks.mimecast.com include:us.confirmit.com a:secmail.ultipro.com ~all'] addcache= ('_spf.tivo.com', 'TXT') ['v=spf1 include:_spf_netblocks1.tivo.com include:_spf_netblocks2.tivo.com include:_spf_netblocks3.tivo.com include:_spf.jobvite.com include:_spf.salesforce.com include:us._netblocks.mimecast.com include:us.confirmit.com a:secmail.ultipro.com ~all'] include: _spf.tivo.com "v=spf1 include:_spf_netblocks1.tivo.com include:_spf_netblocks2.tivo.com include:_spf_netblocks3.tivo.com include:_spf.jobvite.com include:_spf.salesforce.com include:us._netblocks.mimecast.com include:us.confirmit.com a:secmail.ultipro.com ~all" result= ('_spf_netblocks1.tivo.com', 'TXT') ['v=spf1 ip4:204.176.49.0/24 ip4:209.34.86.213/31 ip4:208.73.180.0/22 ip4:69.25.59.161 ip4:198.61.141.237 ip4:216.23.184.197 ip4:207.38.45.154 ip4:204.14.232.64/28 ip4:202.129.242.64/31 ip4:156.45.254.11 ~all'] addcache= ('_spf_netblocks1.tivo.com', 'TXT') ['v=spf1 ip4:204.176.49.0/24 ip4:209.34.86.213/31 ip4:208.73.180.0/22 ip4:69.25.59.161 ip4:198.61.141.237 ip4:216.23.184.197 ip4:207.38.45.154 ip4:204.14.232.64/28 ip4:202.129.242.64/31 ip4:156.45.254.11 ~all'] include: _spf_netblocks1.tivo.com "v=spf1 ip4:204.176.49.0/24 ip4:209.34.86.213/31 ip4:208.73.180.0/22 ip4:69.25.59.161 ip4:198.61.141.237 ip4:216.23.184.197 ip4:207.38.45.154 ip4:204.14.232.64/28 ip4:202.129.242.64/31 ip4:156.45.254.11 ~all" result= ('_spf_netblocks2.tivo.com', 'TXT') ['v=spf1 ip4:65.213.152.14/31 ip4:216.136.162.124/31 ip4:156.45.254.31 ip4:156.45.254.32/29 ip4:50.57.43.233 ip4:64.78.17.176 ip4:65.17.254.100 ip4:65.17.254.108/31 ip4:63.131.159.146 ~all'] addcache= ('_spf_netblocks2.tivo.com', 'TXT') ['v=spf1 ip4:65.213.152.14/31 ip4:216.136.162.124/31 ip4:156.45.254.31 ip4:156.45.254.32/29 ip4:50.57.43.233 ip4:64.78.17.176 ip4:65.17.254.100 ip4:65.17.254.108/31 ip4:63.131.159.146 ~all'] include: _spf_netblocks2.tivo.com "v=spf1 ip4:65.213.152.14/31 ip4:216.136.162.124/31 ip4:156.45.254.31 ip4:156.45.254.32/29 ip4:50.57.43.233 ip4:64.78.17.176 ip4:65.17.254.100 ip4:65.17.254.108/31 ip4:63.131.159.146 ~all" result= ('_spf_netblocks3.tivo.com', 'TXT') ['v=spf1 ip4:63.131.159.151 ip4:216.157.16.107 ip4:216.136.162.123 ip4:207.106.123.26 ip4:192.237.163.108 ip4:66.150.161.30 ip4:108.166.45.120 ip4:50.31.43.169 ip4:50.57.175.27 ip4:166.78.203.73 include:_spf_o365.tivo.com ~all'] addcache= ('_spf_netblocks3.tivo.com', 'TXT') ['v=spf1 ip4:63.131.159.151 ip4:216.157.16.107 ip4:216.136.162.123 ip4:207.106.123.26 ip4:192.237.163.108 ip4:66.150.161.30 ip4:108.166.45.120 ip4:50.31.43.169 ip4:50.57.175.27 ip4:166.78.203.73 include:_spf_o365.tivo.com ~all'] include: _spf_netblocks3.tivo.com "v=spf1 ip4:63.131.159.151 ip4:216.157.16.107 ip4:216.136.162.123 ip4:207.106.123.26 ip4:192.237.163.108 ip4:66.150.161.30 ip4:108.166.45.120 ip4:50.31.43.169 ip4:50.57.175.27 ip4:166.78.203.73 include:_spf_o365.tivo.com ~all" result= ('_spf_o365.tivo.com', 'TXT') ['v=spf1 include:_spf_netblockso.tivo.com include:_spf_netblockso2.tivo.com include:_spf_netblockso3.tivo.com ~all'] addcache= ('_spf_o365.tivo.com', 'TXT') ['v=spf1 include:_spf_netblockso.tivo.com include:_spf_netblockso2.tivo.com include:_spf_netblockso3.tivo.com ~all'] include: _spf_o365.tivo.com "v=spf1 include:_spf_netblockso.tivo.com include:_spf_netblockso2.tivo.com include:_spf_netblockso3.tivo.com ~all" result= ('_spf_netblockso.tivo.com', 'TXT') ['v=spf1 ip4:13.111.0.0/22 ip4:13.111.53.0/24 ip4:13.111.54.0/24 ip4:23.253.182.103 ip4:23.253.183.145 ip4:23.253.183.146/31 ip4:23.253.183.148 ip4:23.253.183.150 ip4:50.31.43.169 ip4:50.57.43.233 ip4:50.57.175.27 ~all'] addcache= ('_spf_netblockso.tivo.com', 'TXT') ['v=spf1 ip4:13.111.0.0/22 ip4:13.111.53.0/24 ip4:13.111.54.0/24 ip4:23.253.182.103 ip4:23.253.183.145 ip4:23.253.183.146/31 ip4:23.253.183.148 ip4:23.253.183.150 ip4:50.31.43.169 ip4:50.57.43.233 ip4:50.57.175.27 ~all'] include: _spf_netblockso.tivo.com "v=spf1 ip4:13.111.0.0/22 ip4:13.111.53.0/24 ip4:13.111.54.0/24 ip4:23.253.182.103 ip4:23.253.183.145 ip4:23.253.183.146/31 ip4:23.253.183.148 ip4:23.253.183.150 ip4:50.31.43.169 ip4:50.57.43.233 ip4:50.57.175.27 ~all" result= ('_spf_netblockso2.tivo.com', 'TXT') ['v=spf1 ip4:54.240.0.0/18 ip4:62.13.128.0/24 ip4:62.13.129.128/25 ip4:62.13.136.0/21 ip4:62.13.144.0/21 ip4:62.13.152.0/23 ip4:63.128.21.0/24 ip4:63.131.159.146 ip4:63.131.159.151 ip4:64.78.17.176 ip4:65.17.254.100 ~all'] addcache= ('_spf_netblockso2.tivo.com', 'TXT') ['v=spf1 ip4:54.240.0.0/18 ip4:62.13.128.0/24 ip4:62.13.129.128/25 ip4:62.13.136.0/21 ip4:62.13.144.0/21 ip4:62.13.152.0/23 ip4:63.128.21.0/24 ip4:63.131.159.146 ip4:63.131.159.151 ip4:64.78.17.176 ip4:65.17.254.100 ~all'] include: _spf_netblockso2.tivo.com "v=spf1 ip4:54.240.0.0/18 ip4:62.13.128.0/24 ip4:62.13.129.128/25 ip4:62.13.136.0/21 ip4:62.13.144.0/21 ip4:62.13.152.0/23 ip4:63.128.21.0/24 ip4:63.131.159.146 ip4:63.131.159.151 ip4:64.78.17.176 ip4:65.17.254.100 ~all" result= ('_spf_netblockso3.tivo.com', 'TXT') ['v=spf1 ip4:65.17.254.108/31 ip4:65.213.152.14/31 include: spf.protection.outlook.com ~all'] addcache= ('_spf_netblockso3.tivo.com', 'TXT') ['v=spf1 ip4:65.17.254.108/31 ip4:65.213.152.14/31 include: spf.protection.outlook.com ~all'] include: _spf_netblockso3.tivo.com "v=spf1 ip4:65.17.254.108/31 ip4:65.213.152.14/31 include: spf.protection.outlook.com ~all" result: ('permerror', 550, 'SPF Permanent Error: _spf_netblockso3.tivo.com empty domain:: include:') None _______________________________________________ spfbis mailing list spfbis@ietf.org https://www.ietf.org/mailman/listinfo/spfbis
- [spfbis] SPF-checking tool Frank Bulk
- Re: [spfbis] SPF-checking tool Scott Kitterman
- Re: [spfbis] SPF-checking tool Stuart D Gathman
- Re: [spfbis] SPF-checking tool Frank Bulk
- Re: [spfbis] SPF-checking tool Stuart D Gathman
- Re: [spfbis] SPF-checking tool Frank Bulk
- Re: [spfbis] SPF-checking tool Frank Bulk
- Re: [spfbis] SPF-checking tool Frank Bulk
- Re: [spfbis] SPF-checking tool Stuart D Gathman
- Re: [spfbis] SPF-checking tool John Levine
- Re: [spfbis] SPF-checking tool Frank Bulk