False positive: Mechanism and modifier names should be treated case-insensitive.

[Kagee]

Per https://tools.ietf.org/html/rfc7208#section-4.6.1 and https://tools.ietf.org/html/rfc7208#section-12, mechanism and modifier names are case-insensitive.

checkdmarc -v
4.1.9

Example

The error is triggered because they have one include with a capital I:

checkdmarc --skip-tls power.no | jq '.spf.record, .spf.error'

"v=spf1 ip4:213.239.100.7/32 ip4:62.50.189.10 ip4:62.50.189.5 ip4:81.95.247.218 ip4:168.245.17.167 ip4:81.95.247.14 ip4:91.216.62.130 ip4:213.179.58.64/27 ip4:213.179.41.64/28 mx include:trustpilotservice.com a:infostorm.emsp.no Include:spf.protection.outlook.com a:c.spf.service-now.com include:mailgun.org ~all"

"power.no: Expected mechanism at position 228 in: v=spf1 ip4:213.239.100.7/32 ip4:62.50.189.10 ip4:62.50.189.5 ip4:81.95.247.218 ip4:168.245.17.167 ip4:81.95.247.14 ip4:91.216.62.130 ip4:213.179.58.64/27 ip4:213.179.41.64/28 mx include:trustpilotservice.com a:infostorm.emsp.no Include:spf.protection.outlook.com a:c.spf.service-now.com include:mailgun.org ~all"

[Kagee]

Another example, ip4 vs IP4: spf2.dnb.no: Expected mechanism at position 190 in: v=spf1 ip4:139.118.71.1/28 ip4:193.75.92.154 ip4:91.123.56.128 ip4:178.21.131.158 ip4:139.118.71.0/24 ip4:139.116.71.0/25 ip6:2a02:9c8:0:1000::/64 ip6:2a02:9c8:0:1001::/64 ip4:193.75.92.154 IP4:213.180.74.27 -all

[seanthegeek]

Fixed in checkdmarc 4.1.10. Thanks!