calumsbaird
commented
5 years ago - This one is returning valid for me. TODO: test with actual domain
- Fair bit of work to fix the REGEX to handle that and probably more to implement it.
- This is because of the dot on the end. again the REGEX needs to be fixed (validate.py)
- Tests show this spf record is working fine. TODO: test with actual domain
- Failing at REGEX, again REGEX needs to be fixed
- Tests show this passing for me, TODO check with real domain.
- In theory the regex handles ipv6 fine, comment any specific examples
- I think this falls under the "It would be nice but not worth the work" banner, agree?
My tests:
from sdvalidator import *
# Q1.
cache = {'test.com': {'spf': ['v=spf1 include:sge.net include:spf.swiftdigital.com.au include:spf1.cms.test.com.au include:mailrelay.t1cloud.com ip4:233.120.145.11 ip4:233.110.146.98 ip4:233.25.173.106 ip4:234.252.210.42 -all']} }
assert validate_spf('test.com',cache) == 'VALID'
## Q1. with redirects?
valid = {'spf': ['v=spf1 -all']}
cache = {'test.com': {'spf': ['v=spf1 include:sge.net include:spf.swiftdigital.com.au include:spf1.cms.test.com.au include:mailrelay.t1cloud.com ip4:233.120.145.11 ip4:233.110.146.98 ip4:233.25.173.106 ip4:234.252.210.42 -all']}, 'sge.net': valid, 'spf.swiftdigital.com.au':valid, 'spf1.cms.test.com.au':valid, 'mailrelay.t1cloud.com':valid, }
assert validate_spf('test.com',cache) == 'VALID'
# Q2.
record = "v=spf1 include:example.com._nspf.vali.email include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email ~all"
cache = {'test.com': {'spf': [record]}}
#assert validate_spf('test.com',cache) == 'VALID' # FAILING TODO BUG
# Q3
x = 'sge.net.'
print(resolves(x))
print(pull_spf(x))
record = "v=spf1 include:sge.net. mx -all"
cache = {'test.com': {'spf':[record]}, 'sge.net': {'spf':valid}}
#assert validate_spf('test.com',cache) == 'VALID' # FAILING TODO BUG
# Q4
record = "v=spf1 ip4:161.146.236.60 ip4:161.146.236.61 -all"
cache = {'test.com': {'spf': [record]}}
assert validate_spf('test.com', cache) == 'VALID'
# Q5
record = "v=spf1 redirect=_spf.parksaustralia.gov.au"
cache = {'test.com': {'spf': [record]}}
#assert validate_spf('test.com', cache) == 'VALID' # FAILING TODO BUG
# Q6
record = "v=spf1 include:1.com ip4:1.1.1.1 include:2.com"
cache = {'test.com': {'spf': [record]}}
assert validate_spf('test.com', cache) == 'VALID'
I believe the issue occurs when the SPF record is split across two or more text record. For example "v=spf1 include:sge.net include:spf.swiftdigital.com.au include:spf1.cms.test.com.au include:mailrelay.t1cloud.com ip4:233.120.145.11 ip4:233.110.146.98 ip4:233.25.173.106 ip4:234.252.210.42 -all" returns invalid when it is a valid record
Further, the tool reports records with macros such as "v=spf1 include:example.com._nspf.vali.email include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email ~all" as invalid when they are valid.
The tool will also fail if the domain is fully qualified e.g. "v=spf1 include:sge.net. mx -all"
Also said "v=spf1 ip4:161.146.236.60 ip4:161.146.236.61 -all" is invalid when it is invalid. I believe this is due to the double spaces or two ip4 entries
Tool failed on "v=spf1 redirect=spf.parksaustralia.gov.au" even though it is correct. Possibly due to the '\'
Tool also has false invalid when the order of things is abnormal e.g. "v=spf1 include:1.com ip4:1.1.1.1 include:2.com" note the ip4 is sandwiched between includes
Tool struggles with :: ipv6 syntax
Lastly, the tool does not follow includes. So, if record includes a syntactically incorrect record the original record could still be marked as valid when it should be marked as invalid.